Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1572021
MD5: 0f2fe11ad182a5dacccb11f8aec704d0
SHA1: 4a20e305c64c6817a1a4fb95157e1b4ffc4c8d4f
SHA256: 3c85a11120f1473f832bb6956f67b534a16205f9454abf2116237f0007cf9f89
Tags: exe, user-Bitsight
Infos:

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 2080 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0F2FE11AD182A5DACCCB11F8AEC704D0)
  • cleanup
{"C2 url": ["dwell-exclaim.biz", "zinc-sneark.biz", "atten-supporse.biz", "formy-spill.biz", "print-vexer.biz", "impend-differ.biz", "covery-mover.biz", "se-blurry.biz", "dare-curbys.biz"], "Build id": "LOGS11--LiveTraffic"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-10T01:33:00.772458+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 104.21.80.1 | 443 | TCP
2024-12-10T01:33:03.247751+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 104.21.80.1 | 443 | TCP
2024-12-10T01:33:02.062965+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.80.1 | 443 | TCP
2024-12-10T01:33:02.062965+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.80.1 | 443 | TCP
2024-12-10T01:33:00.772458+0100 | 2057922 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49730 | 104.21.80.1 | 443 | TCP
2024-12-10T01:33:03.247751+0100 | 2057922 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49731 | 104.21.80.1 | 443 | TCP
2024-12-10T01:32:59.315489+0100 | 2057921 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49250 | 1.1.1.1 | 53 | UDP

      AV Detection

      Source: file.exe, Avira: detected
      Source: https://atten-supporse.biz/7E, Avira URL Cloud: Label: malware
      Source: https://atten-supporse.biz/gE, Avira URL Cloud: Label: malware
      Source: https://atten-supporse.biz/WE, Avira URL Cloud: Label: malware
      Source: https://atten-supporse.biz/GE1, Avira URL Cloud: Label: malware
      Source: https://atten-supporse.biz/apiw3, Avira URL Cloud: Label: malware
      Source: file.exe.2080.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["dwell-exclaim.biz", "zinc-sneark.biz", "atten-supporse.biz", "formy-spill.biz", "print-vexer.biz", "impend-differ.biz", "covery-mover.biz", "se-blurry.biz", "dare-curbys.biz"], "Build id": "LOGS11--LiveTraffic"}
      Source: file.exe, Virustotal: Detection: 48%
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
      Source: file.exe, Joe Sandbox ML: detected
      Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, String decryptor: lid=%s&j=%s&ver=4.0
      Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, String decryptor: TeslaBrowser/5.5
      Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, String decryptor: - Screen Resoluton:
      Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, String decryptor: - Physical Installed Memory:
      Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, String decryptor: Workgroup: -
      Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp, String decryptor: LOGS11--LiveTraffic
      Source: file.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknown, HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49730 version: TLS 1.2

      Networking

      Source: Network traffic, Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.4:49250 -> 1.1.1.1:53
      Source: Network traffic, Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49731 -> 104.21.80.1:443
      Source: Network traffic, Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49730 -> 104.21.80.1:443
      Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.80.1:443
      Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.80.1:443
      Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.80.1:443
      Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.21.80.1:443
      Source: global traffic, HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: atten-supporse.biz
      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic, DNS traffic detected: DNS query: atten-supporse.biz
      Source: unknown, HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: atten-supporse.biz
      Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49731
      Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49730
      Source: unknown, Network traffic detected: HTTP traffic on port 49731 -> 443
      Source: unknown, Network traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknown, HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49730 version: TLS 1.2

      System Summary

      Source: file.exe, Static PE information: section name:
      Source: file.exe, Static PE information: section name: .idata
      Source: file.exe, Static PE information: section name:
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C5056E0_2_00C5056E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD85790_2_00BD8579
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B465710_2_00B46571
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC25770_2_00BC2577
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C9A5020_2_00C9A502
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C066D00_2_00C066D0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA86AC0_2_00BA86AC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CEA6EE0_2_00CEA6EE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B366900_2_00B36690
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB869F0_2_00BB869F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B666900_2_00B66690
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6E6900_2_00B6E690
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C726EB0_2_00C726EB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B566E70_2_00B566E7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5C6D70_2_00B5C6D7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C766AB0_2_00C766AB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C206BE0_2_00C206BE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFC6C10_2_00BFC6C1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C646410_2_00C64641
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C366500_2_00C36650
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC46280_2_00BC4628
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C3C65D0_2_00C3C65D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C8C66F0_2_00C8C66F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C746700_2_00C74670
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA46030_2_00BA4603
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B426700_2_00B42670
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFE6710_2_00BFE671
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C5460A0_2_00C5460A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0461D0_2_00C0461D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2461C0_2_00C2461C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BDE6460_2_00BDE646
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF67B70_2_00BF67B7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B927B50_2_00B927B5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C927C60_2_00C927C6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B467A50_2_00B467A5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C147E70_2_00C147E7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4E7EE0_2_00C4E7EE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C027ED0_2_00C027ED
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C587F50_2_00C587F5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C567FD0_2_00C567FD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C967F10_2_00C967F1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C5A7F80_2_00C5A7F8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0E7810_2_00C0E781
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE27F70_2_00BE27F7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C3E78C0_2_00C3E78C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C1E7930_2_00C1E793
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BDC7DE0_2_00BDC7DE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB47DF0_2_00BB47DF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B967C90_2_00B967C9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C367B00_2_00C367B0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C8E7BE0_2_00C8E7BE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C187410_2_00C18741
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C9874D0_2_00C9874D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B487310_2_00B48731
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C787570_2_00C78757
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B507170_2_00B50717
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9870A0_2_00B9870A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBA7050_2_00BBA705
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCE77B0_2_00BCE77B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC87540_2_00BC8754
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BDA7550_2_00BDA755
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2C73D0_2_00C2C73D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C948CF0_2_00C948CF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA48B50_2_00BA48B5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BAA8990_2_00BAA899
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C048E90_2_00C048E9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4C8FF0_2_00C4C8FF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC28F70_2_00BC28F7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCA8F10_2_00BCA8F1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BAC8380_2_00BAC838
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C6E8440_2_00C6E844
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C8A8400_2_00C8A840
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB68310_2_00BB6831
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9082D0_2_00B9082D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C8885F0_2_00C8885F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C628660_2_00C62866
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C408660_2_00C40866
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BEC81D0_2_00BEC81D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCC80D0_2_00BCC80D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C168000_2_00C16800
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4681A0_2_00C4681A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CE88260_2_00CE8826
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9C8410_2_00B9C841
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE49BA0_2_00BE49BA
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C209CE0_2_00C209CE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C349D10_2_00C349D1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFA9A20_2_00BFA9A2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C849D60_2_00C849D6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B389900_2_00B38990
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC498A0_2_00BC498A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCC9850_2_00BCC985
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C589800_2_00C58980
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C109880_2_00C10988
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4A9AA0_2_00C4A9AA
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C389B00_2_00C389B0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C9A94E0_2_00C9A94E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C909580_2_00C90958
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C3C95C0_2_00C3C95C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C549720_2_00C54972
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CE29770_2_00CE2977
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C6A9010_2_00C6A901
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB29720_2_00BB2972
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5297F0_2_00B5297F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC09730_2_00BC0973
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C6091C0_2_00C6091C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BAC9640_2_00BAC964
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0A9210_2_00C0A921
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD095F0_2_00BD095F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE69580_2_00BE6958
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C8E9320_2_00C8E932
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB49440_2_00BB4944
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BDEAB70_2_00BDEAB7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C46ACF0_2_00C46ACF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B98AB40_2_00B98AB4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF0AAF0_2_00BF0AAF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C54AD40_2_00C54AD4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCEA990_2_00BCEA99
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C00AF00_2_00C00AF0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C7EAF70_2_00C7EAF7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBAA880_2_00BBAA88
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C74A900_2_00C74A90
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2AAA20_2_00C2AAA2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C5EAAF0_2_00C5EAAF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA8AD10_2_00BA8AD1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6CAC00_2_00B6CAC0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF4AC40_2_00BF4AC4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD8A3D0_2_00BD8A3D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0CA470_2_00C0CA47
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C70A490_2_00C70A49
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBEA290_2_00BBEA29
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2EA560_2_00C2EA56
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA6A2F0_2_00BA6A2F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C26A550_2_00C26A55
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C28A650_2_00C28A65
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BDAA010_2_00BDAA01
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C7AA7B0_2_00C7AA7B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CF2A090_2_00CF2A09
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C92A170_2_00C92A17
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C6CA250_2_00C6CA25
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3CA540_2_00B3CA54
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C9EA230_2_00C9EA23
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C8CA390_2_00C8CA39
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B44A400_2_00B44A40
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BEAA460_2_00BEAA46
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C80A340_2_00C80A34
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C86BCE0_2_00C86BCE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C36BC40_2_00C36BC4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B34BA00_2_00B34BA0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA2BAE0_2_00BA2BAE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCABA60_2_00BCABA6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B94BA70_2_00B94BA7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C62BE40_2_00C62BE4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C42BEF0_2_00C42BEF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C26BF30_2_00C26BF3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE2BF30_2_00BE2BF3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C04B8D0_2_00C04B8D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C56B8B0_2_00C56B8B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2EB930_2_00C2EB93
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C24B9F0_2_00C24B9F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C48BA40_2_00C48BA4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C1CBAD0_2_00C1CBAD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE4BD30_2_00BE4BD3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C94BBB0_2_00C94BBB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C40BBD0_2_00C40BBD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C18BBB0_2_00C18BBB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9ABC70_2_00B9ABC7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF8B370_2_00BF8B37
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFCB270_2_00BFCB27
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BECB0D0_2_00BECB0D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B46B7E0_2_00B46B7E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9EB740_2_00B9EB74
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C76B2C0_2_00C76B2C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD4B510_2_00BD4B51
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B4CB5A0_2_00B4CB5A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB6B4B0_2_00BB6B4B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2CB330_2_00C2CB33
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C08B3C0_2_00C08B3C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C14CC90_2_00C14CC9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C32CC80_2_00C32CC8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA6CF90_2_00BA6CF9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C02C8A0_2_00C02C8A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C16C8D0_2_00C16C8D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B52CF80_2_00B52CF8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6CCE00_2_00B6CCE0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C80CAA0_2_00C80CAA
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0AC580_2_00C0AC58
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C50C5F0_2_00C50C5F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B48C1E0_2_00B48C1E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC0C7C0_2_00BC0C7C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BAAC7B0_2_00BAAC7B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C72C160_2_00C72C16
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C8AC160_2_00C8AC16
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CA0C290_2_00CA0C29
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C9CC260_2_00C9CC26
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCEC4F0_2_00BCEC4F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C82C3C0_2_00C82C3C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C96C3D0_2_00C96C3D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B66C400_2_00B66C40
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B64C4D0_2_00B64C4D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C46DE70_2_00C46DE7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB2DFC0_2_00BB2DFC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BDADE00_2_00BDADE0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C62D550_2_00C62D55
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C8AD5C0_2_00C8AD5C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C6CD500_2_00C6CD50
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD8D210_2_00BD8D21
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CCAD630_2_00CCAD63
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0ED6F0_2_00C0ED6F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE4D0D0_2_00BE4D0D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C66D720_2_00C66D72
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C44D7E0_2_00C44D7E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFAD030_2_00BFAD03
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C1CD7C0_2_00C1CD7C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C3CD070_2_00C3CD07
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4AD010_2_00C4AD01
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCAD770_2_00BCAD77
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6CD600_2_00B6CD60
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C6ED1A0_2_00C6ED1A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B98D550_2_00B98D55
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4CD280_2_00C4CD28
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BACD540_2_00BACD54
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB4D420_2_00BB4D42
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF2D460_2_00BF2D46
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFCD420_2_00BFCD42
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC6EB70_2_00BC6EB7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B56EBE0_2_00B56EBE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0CED20_2_00C0CED2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B32EA00_2_00B32EA0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C94ED10_2_00C94ED1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C34EDE0_2_00C34EDE
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD4EA20_2_00BD4EA2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B46E970_2_00B46E97
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2EEE50_2_00C2EEE5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB6E840_2_00BB6E84
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF2EEF0_2_00BF2EEF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C98E980_2_00C98E98
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B98EED0_2_00B98EED
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4AE9A0_2_00C4AE9A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C20EA40_2_00C20EA4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9CE3D0_2_00B9CE3D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C64E600_2_00C64E60
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2AE680_2_00C2AE68
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B4AE000_2_00B4AE00
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6CE000_2_00B6CE00
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA6E7B0_2_00BA6E7B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C5EE090_2_00C5EE09
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C84E230_2_00C84E23
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C70E330_2_00C70E33
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C1EFC00_2_00C1EFC0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B48FAD0_2_00B48FAD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BD6FA00_2_00BD6FA0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C00FE40_2_00C00FE4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C9EFF40_2_00C9EFF4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B94FE80_2_00B94FE8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C68F930_2_00C68F93
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C86F9E0_2_00C86F9E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B40FD60_2_00B40FD6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C32F420_2_00C32F42
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B4EF300_2_00B4EF30
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B90F310_2_00B90F31
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA2F310_2_00BA2F31
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE8F280_2_00BE8F28
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA4F270_2_00BA4F27
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BDEF150_2_00BDEF15
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C74F6C0_2_00C74F6C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C60F690_2_00C60F69
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2CF730_2_00C2CF73
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CF0F750_2_00CF0F75
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B44F080_2_00B44F08
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C06F1A0_2_00C06F1A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C04F270_2_00C04F27
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B58F5D0_2_00B58F5D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C10F290_2_00C10F29
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C92F250_2_00C92F25
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFEF430_2_00BFEF43
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BDD0B30_2_00BDD0B3
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C410D20_2_00C410D2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC10A70_2_00BC10A7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB10A50_2_00BB10A5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C450ED0_2_00C450ED
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C890E60_2_00C890E6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5D0850_2_00B5D085
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C6B0F60_2_00C6B0F6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BEB08A0_2_00BEB08A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C9D08E0_2_00C9D08E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C7D08E0_2_00C7D08E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C050900_2_00C05090
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE50D40_2_00BE50D4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C5B0AA0_2_00C5B0AA
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC30CA0_2_00BC30CA
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C5D0BF0_2_00C5D0BF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C090BF0_2_00C090BF
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C650400_2_00C65040
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB70310_2_00BB7031
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE30320_2_00BE3032
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9701D0_2_00B9701D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C3D06E0_2_00C3D06E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BAF0780_2_00BAF078
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B390700_2_00B39070
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C4301D0_2_00C4301D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0B01C0_2_00C0B01C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BAB0670_2_00BAB067
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C570350_2_00C57035
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2703C0_2_00C2703C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BC91B00_2_00BC91B0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C511D50_2_00C511D5
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C7B1D10_2_00C7B1D1
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C291D90_2_00C291D9
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C471E70_2_00C471E7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B471900_2_00B47190
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA71950_2_00BA7195
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BEF1FC0_2_00BEF1FC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C8D18A0_2_00C8D18A
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C2F1870_2_00C2F187
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C5F18F0_2_00C5F18F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C991AD0_2_00C991AD
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE11D80_2_00BE11D8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BFF1D80_2_00BFF1D8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BDD1CC0_2_00BDD1CC
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C831BB0_2_00C831BB
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BCB1C20_2_00BCB1C2
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C331550_2_00C33155
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0F1000_2_00C0F100
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C6711E0_2_00C6711E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9D1630_2_00B9D163
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB91480_2_00BB9148
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C491320_2_00C49132
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C811310_2_00C81131
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C772C60_2_00C772C6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B492BA0_2_00B492BA
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C3F2D40_2_00C3F2D4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9B29E0_2_00B9B29E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BF528D0_2_00BF528D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B932F80_2_00B932F8
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D652930_2_00D65293
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB32F60_2_00BB32F6
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA52F40_2_00BA52F4
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C0D2950_2_00C0D295
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B592D00_2_00B592D0
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C792B70_2_00C792B7
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C3D2480_2_00C3D248
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C1524F0_2_00C1524F
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BBB2290_2_00BBB229
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C1D25E0_2_00C1D25E
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CA126B0_2_00CA126B
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C392740_2_00C39274
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BB52030_2_00BB5203
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C3527C0_2_00C3527C
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00C6321D0_2_00C6321D
      Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BA92420_2_00BA9242
      Source: C:\Users\user\Desktop\file.exe Code function: String function: 00B38000 appears 55 times
      Source: C:\Users\user\Desktop\file.exe Code function: String function: 00B44A30 appears 76 times
      Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: file.exe Static PE information: Section: ZLIB complexity 0.9975264922145328
      Source: file.exe Static PE information: Section: yvenramj ZLIB complexity 0.9945109935946609
      Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@1/1
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B60A6C CoCreateInstance, 0_2_00B60A6C
      Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: file.exe Virustotal: Detection: 48%
      Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
      Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
      Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
      Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
      Source: file.exe Static file information: File size 1832448 > 1048576
      Source: file.exe Static PE information: Raw size of yvenramj is bigger than: 0x100000 < 0x197600

      Data Obfuscation

      Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.b30000.0.unpack :EW;.rsrc:W;.idata :W; :EW;yvenramj:EW;vcuwzowy:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;yvenramj:EW;vcuwzowy:EW;.taggant:EW;
      Source: initial sample Static PE information: section where entry point is pointing to: .taggant
      Source: file.exe Static PE information: real checksum: 0x1c1fb3 should be: 0x1ce117
      Source: file.exe Static PE information: section name:
      Source: file.exe Static PE information: section name: .idata
      Source: file.exe Static PE information: section name:
      Source: file.exe Static PE information: section name: yvenramj
      Source: file.exe Static PE information: section name: vcuwzowy
      Source: file.exe Static PE information: section name: .taggant
      Source: file.exe Static PE information: section name: entropy: 7.97558968085853
      Source: file.exe Static PE information: section name: yvenramj entropy: 7.953649399394396

      Boot Survival

      Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
      Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
      Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
      Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
      Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
      Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D35289 second address: D352B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10DA4043h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F0C10DA4044h 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D37BB3 second address: D37BB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D352B8 second address: D352BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3BCA8 second address: D3BCB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D37E23 second address: D37E27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D39C67 second address: D39C78 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0C10EAEB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3ADC7 second address: D3ADE8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0C10DA4048h 0x00000008 jmp 00007F0C10DA4042h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 pushad 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3BCB1 second address: D3BCB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D39C78 second address: D39C7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D39C7D second address: D39C84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3DC0C second address: D3DC16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F0C10DA4036h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3CE17 second address: D3CE25 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3DC16 second address: D3DC1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3CE25 second address: D3CE2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3DC1A second address: D3DC51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov bh, 4Eh 0x0000000b push 00000000h 0x0000000d mov bx, 8181h 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F0C10DA4038h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edi 0x00000032 pop edi 0x00000033 pop eax 0x00000034 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3CE2C second address: D3CE3A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0C10EAEB3Ah 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3ECF2 second address: D3ED12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F0C10DA4041h 0x0000000c pop edx 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3EE2D second address: D3EEB2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F0C10EAEB38h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d and bh, 00000016h 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007F0C10EAEB38h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 sbb bl, 00000072h 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b mov dword ptr [ebp+122D2EC6h], ecx 0x00000041 mov eax, dword ptr [ebp+122D0271h] 0x00000047 or bx, A443h 0x0000004c push FFFFFFFFh 0x0000004e push 00000000h 0x00000050 push eax 0x00000051 call 00007F0C10EAEB38h 0x00000056 pop eax 0x00000057 mov dword ptr [esp+04h], eax 0x0000005b add dword ptr [esp+04h], 00000016h 0x00000063 inc eax 0x00000064 push eax 0x00000065 ret 0x00000066 pop eax 0x00000067 ret 0x00000068 movsx ebx, si 0x0000006b nop 0x0000006c push eax 0x0000006d push edx 0x0000006e jno 00007F0C10EAEB3Ch 0x00000074 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3EEB2 second address: D3EEC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F0C10DA403Bh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D40CEB second address: D40CF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3EEC9 second address: D3EECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D41CDB second address: D41CE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D41CE0 second address: D41CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D42F46 second address: D42F69 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0C10EAEB38h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d je 00007F0C10EAEB50h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F0C10EAEB3Eh 0x0000001a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D42F69 second address: D42F6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D45B7C second address: D45BA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b and di, 47FDh 0x00000010 push 00000000h 0x00000012 js 00007F0C10EAEB39h 0x00000018 and bh, 00000060h 0x0000001b push 00000000h 0x0000001d movsx ebx, si 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 jp 00007F0C10EAEB36h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D45BA8 second address: D45BAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D44E23 second address: D44E3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10EAEB3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edi 0x0000000c jo 00007F0C10EAEB3Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D45CF1 second address: D45CF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D46CDF second address: D46CE5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F4E2 second address: D4F503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007F0C10DA4046h 0x0000000f popad 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F503 second address: D4F51B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0C10EAEB42h 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F51B second address: D4F55B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0C10DA4036h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F0C10DA4048h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 jmp 00007F0C10DA4042h 0x00000019 jng 00007F0C10DA4036h 0x0000001f pop esi 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F55B second address: D4F567 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F0C10EAEB36h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F7EB second address: D4F7EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F7EF second address: D4F80E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0C10EAEB49h 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F80E second address: D4F816 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F816 second address: D4F81A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F81A second address: D4F820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D4F820 second address: D4F848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F0C10EAEB3Ah 0x0000000c pushad 0x0000000d popad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007F0C10EAEB41h 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D54E72 second address: D54E76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D54E76 second address: D54EAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push ecx 0x00000009 jg 00007F0C10EAEB3Ch 0x0000000f pop ecx 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push edi 0x00000015 jmp 00007F0C10EAEB3Fh 0x0000001a pop edi 0x0000001b mov eax, dword ptr [eax] 0x0000001d jng 00007F0C10EAEB4Fh 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D59C83 second address: D59C99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0C10DA4041h 0x00000009 popad 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D59097 second address: D590B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F0C10EAEB43h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D594FE second address: D59508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5966E second address: D59672 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D59672 second address: D5967B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5967B second address: D59680 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D59680 second address: D5968D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0C10DA4038h 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D59983 second address: D59987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D59987 second address: D5998B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5998B second address: D599AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F0C10EAEB38h 0x00000010 push eax 0x00000011 pop eax 0x00000012 jmp 00007F0C10EAEB3Fh 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D59B17 second address: D59B1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D59B1D second address: D59B2F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007F0C10EAEB5Dh 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D59B2F second address: D59B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D361D4 second address: D361FD instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0C10EAEB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007F0C10EAEB4Bh 0x00000014 jmp 00007F0C10EAEB45h 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D361FD second address: D36203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D36203 second address: D36207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D36207 second address: B8890F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov ecx, dword ptr [ebp+1246C866h] 0x0000000f push dword ptr [ebp+122D0C71h] 0x00000015 call dword ptr [ebp+122D3013h] 0x0000001b pushad 0x0000001c jmp 00007F0C10DA4043h 0x00000021 xor eax, eax 0x00000023 jng 00007F0C10DA4037h 0x00000029 mov edx, dword ptr [esp+28h] 0x0000002d or dword ptr [ebp+122D2630h], edx 0x00000033 cmc 0x00000034 mov dword ptr [ebp+122D34DEh], eax 0x0000003a pushad 0x0000003b mov dword ptr [ebp+122D2630h], ebx 0x00000041 popad 0x00000042 mov esi, 0000003Ch 0x00000047 pushad 0x00000048 mov ax, cx 0x0000004b popad 0x0000004c add esi, dword ptr [esp+24h] 0x00000050 jmp 00007F0C10DA403Fh 0x00000055 lodsw 0x00000057 sub dword ptr [ebp+122D2630h], ecx 0x0000005d add eax, dword ptr [esp+24h] 0x00000061 mov dword ptr [ebp+122D2630h], esi 0x00000067 mov ebx, dword ptr [esp+24h] 0x0000006b jmp 00007F0C10DA4042h 0x00000070 push eax 0x00000071 pushad 0x00000072 jmp 00007F0C10DA403Dh 0x00000077 pushad 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D362B9 second address: D362BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D36522 second address: D36529 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D3674D second address: D367B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F0C10EAEB38h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D2F4Fh] 0x0000002a cld 0x0000002b push 00000004h 0x0000002d push 00000000h 0x0000002f push ecx 0x00000030 call 00007F0C10EAEB38h 0x00000035 pop ecx 0x00000036 mov dword ptr [esp+04h], ecx 0x0000003a add dword ptr [esp+04h], 0000001Ah 0x00000042 inc ecx 0x00000043 push ecx 0x00000044 ret 0x00000045 pop ecx 0x00000046 ret 0x00000047 push edi 0x00000048 mov edx, dword ptr [ebp+122D193Fh] 0x0000004e pop edx 0x0000004f nop 0x00000050 jc 00007F0C10EAEB48h 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D367B2 second address: D367B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D367B6 second address: D367D1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0C10EAEB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jng 00007F0C10EAEB3Ch 0x00000012 jg 00007F0C10EAEB36h 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D331C1 second address: D331C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D36DEA second address: D36E1D instructions: 0x00000000 rdtsc 0x00000002 je 00007F0C10EAEB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jbe 00007F0C10EAEB4Ah 0x00000014 jmp 00007F0C10EAEB44h 0x00000019 mov eax, dword ptr [eax] 0x0000001b push ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e jg 00007F0C10EAEB36h 0x00000024 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D36EEB second address: D15AD2 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0C10DA4036h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov edi, dword ptr [ebp+122D2764h] 0x00000011 lea eax, dword ptr [ebp+12480A20h] 0x00000017 jno 00007F0C10DA403Ch 0x0000001d push eax 0x0000001e jmp 00007F0C10DA4044h 0x00000023 mov dword ptr [esp], eax 0x00000026 mov edi, dword ptr [ebp+122D1E0Dh] 0x0000002c lea eax, dword ptr [ebp+124809DCh] 0x00000032 push eax 0x00000033 jnc 00007F0C10DA404Dh 0x00000039 mov dword ptr [esp], eax 0x0000003c push 00000000h 0x0000003e push ecx 0x0000003f call 00007F0C10DA4038h 0x00000044 pop ecx 0x00000045 mov dword ptr [esp+04h], ecx 0x00000049 add dword ptr [esp+04h], 00000014h 0x00000051 inc ecx 0x00000052 push ecx 0x00000053 ret 0x00000054 pop ecx 0x00000055 ret 0x00000056 call dword ptr [ebp+1244606Fh] 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D15AD2 second address: D15AEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F0C10EAEB48h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D15AEF second address: D15AF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D15AF5 second address: D15B13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007F0C10EAEB36h 0x00000010 jmp 00007F0C10EAEB3Eh 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D324 second address: D5D328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D328 second address: D5D339 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10EAEB3Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D339 second address: D5D355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0C10DA4046h 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D355 second address: D5D35E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D4C3 second address: D5D4D2 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0C10DA403Ah 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D4D2 second address: D5D526 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F0C10EAEB36h 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F0C10EAEB49h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 jmp 00007F0C10EAEB41h 0x0000001a jg 00007F0C10EAEB3Ch 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F0C10EAEB3Ch 0x00000027 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D526 second address: D5D52A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D821 second address: D5D82A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D82A second address: D5D836 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jc 00007F0C10DA4036h 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D999 second address: D5D9A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5D9A0 second address: D5D9AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F0C10DA4036h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D5DAE8 second address: D5DAEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D9E557 second address: D9E569 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 ja 00007F0C10DA4042h 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D9ECD6 second address: D9ECFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0C10EAEB3Fh 0x0000000c jmp 00007F0C10EAEB42h 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A0D second address: DA3A13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A13 second address: DA3A1F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A1F second address: DA3A23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A23 second address: DA3A27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A27 second address: DA3A2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A2D second address: DA3A49 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0C10EAEB4Eh 0x00000008 jmp 00007F0C10EAEB42h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A49 second address: DA3A6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F0C10DA4043h 0x0000000a push esi 0x0000000b pop esi 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push ebx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A6C second address: DA3A72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A72 second address: DA3A78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A78 second address: DA3A9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jl 00007F0C10EAEB36h 0x0000000e jmp 00007F0C10EAEB46h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA3A9E second address: DA3AA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEB85B second address: CEB867 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0C10EAEB36h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEB867 second address: CEB899 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jp 00007F0C10DA4036h 0x00000009 jnl 00007F0C10DA4036h 0x0000000f pop edi 0x00000010 pushad 0x00000011 je 00007F0C10DA4036h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f jmp 00007F0C10DA403Bh 0x00000024 jg 00007F0C10DA4036h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEB899 second address: CEB8C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0C10EAEB41h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F0C10EAEB41h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEB8C3 second address: CEB8C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEB8C9 second address: CEB8CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CEB8CE second address: CEB8D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA8453 second address: DA8457 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA8457 second address: DA8463 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F0C10DA4036h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DA8463 second address: DA846F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jns 00007F0C10EAEB36h 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB4EA5 second address: DB4F1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F0C10DA4049h 0x00000010 ja 00007F0C10DA4036h 0x00000016 popad 0x00000017 popad 0x00000018 pushad 0x00000019 jmp 00007F0C10DA4047h 0x0000001e jmp 00007F0C10DA4044h 0x00000023 pushad 0x00000024 jmp 00007F0C10DA4045h 0x00000029 push ebx 0x0000002a pop ebx 0x0000002b popad 0x0000002c push ebx 0x0000002d pushad 0x0000002e popad 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DB78EC second address: DB78F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DBE511 second address: DBE525 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10DA4040h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DBE525 second address: DBE52E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DCDD1D second address: DCDD21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD2F63 second address: DD2F80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0C10EAEB42h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD2F80 second address: DD2F90 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0C10DA4036h 0x00000008 jnc 00007F0C10DA4036h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD2F90 second address: DD2FB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10EAEB43h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F0C10EAEB3Ch 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD2FB5 second address: DD2FBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD2FBD second address: DD2FC7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0C10EAEB36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD2FC7 second address: DD2FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0C10DA403Dh 0x0000000d jnl 00007F0C10DA4036h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD3117 second address: DD311B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD311B second address: DD3121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD3121 second address: DD3127 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD3127 second address: DD312D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD312D second address: DD3131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD3131 second address: DD3135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD3135 second address: DD3144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD33C7 second address: DD33CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: CE68FA second address: CE68FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD9898 second address: DD989E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD942D second address: DD9433 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD9433 second address: DD9438 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD9438 second address: DD9446 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 js 00007F0C10EAEB36h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD9446 second address: DD944C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD9594 second address: DD959E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F0C10EAEB36h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD959E second address: DD95A8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0C10DA4036h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DD95A8 second address: DD95B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE7F12 second address: DE7F1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE7F1A second address: DE7F37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10EAEB3Dh 0x00000007 jmp 00007F0C10EAEB3Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE978E second address: DE9798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F0C10DA4036h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE9798 second address: DE979E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE979E second address: DE97B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F0C10DA4043h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE9605 second address: DE9610 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F0C10EAEB36h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE32E1 second address: DE32E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE32E5 second address: DE3301 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10EAEB44h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE3301 second address: DE3307 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE3307 second address: DE3310 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE3310 second address: DE3318 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE3318 second address: DE3338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0C10EAEB47h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE3338 second address: DE333C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DE333C second address: DE3342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: DF6533 second address: DF653F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0C10DA4036h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0BF4A second address: E0BF51 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0BF51 second address: E0BF5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007F0C10DA4036h 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0B2C6 second address: E0B2DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007F0C10EAEB3Ah 0x0000000b jnl 00007F0C10EAEB36h 0x00000011 push edx 0x00000012 pop edx 0x00000013 popad 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0B2DF second address: E0B307 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10DA4048h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0C10DA403Ah 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0B640 second address: E0B64A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0C10EAEB3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0B94F second address: E0B953 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0BAE3 second address: E0BAE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0E91D second address: E0E923 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0EA06 second address: E0EA0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0EC71 second address: E0EC85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0C10DA4040h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0EC85 second address: E0ECCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F0C10EAEB3Bh 0x0000000f push edx 0x00000010 jmp 00007F0C10EAEB40h 0x00000015 pop edx 0x00000016 popad 0x00000017 nop 0x00000018 mov dx, bx 0x0000001b push 00000004h 0x0000001d mov edx, esi 0x0000001f jmp 00007F0C10EAEB3Ch 0x00000024 push E83CF0D0h 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: E0ECCB second address: E0ECCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D30D6A second address: D30D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D30D6E second address: D30D74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D30D74 second address: D30D78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D30F97 second address: D30F9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: D30F9B second address: D30FB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10EAEB44h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: B8896F instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: B888B0 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D25B55 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D24E69 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D35DC1 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: DA9E9F instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
      Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
      Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B888F0 rdtsc 0_2_00B888F0
      Source: C:\Users\user\Desktop\file.exe TID: 2516 Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\Desktop\file.exe TID: 2476 Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
      Source: file.exe, file.exe, 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
      Source: file.exe, 00000000.00000002.1736443123.000000000142E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@sI
      Source: file.exe, 00000000.00000002.1736490291.0000000001486000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1735608820.0000000001485000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1735492795.0000000001483000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: file.exe, 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
      Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
      Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

      Anti Debugging

      Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
      Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
      Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
      Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
      Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
      Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
      Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\file.exe File opened: NTICE
      Source: C:\Users\user\Desktop\file.exe File opened: SICE
      Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
      Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B888F0 rdtsc 0_2_00B888F0
      Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6B480 LdrInitializeThunk,0_2_00B6B480
      Source: file.exe, 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ~Program Manager
      Source: file.exe Binary or memory string: W~Program Manager
      Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
      Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information

      Source: Yara match File source: sslproxydump.pcap, type: PCAP
      Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

      Remote Access Functionality

      Source: Yara match File source: sslproxydump.pcap, type: PCAP
      Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 24 Virtualization/Sandbox Evasion | OS Credential Dumping | 641 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 24 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 223 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
Source | Detection | Scanner | Label
file.exe | 49% | Virustotal |
file.exe | 100% | Avira | TR/Crypt.XPACK.Gen
file.exe | 100% | Joe Sandbox ML |
No Antivirus matches

Source | Detection | Scanner | Label
https://atten-supporse.biz/7E | 100% | Avira URL Cloud | malware
https://atten-supporse.biz/gE | 100% | Avira URL Cloud | malware
https://atten-supporse.biz/WE | 100% | Avira URL Cloud | malware
https://atten-supporse.biz/GE1 | 100% | Avira URL Cloud | malware
https://atten-supporse.biz/apiw3 | 100% | Avira URL Cloud | malware

Name | IP | Active | Malicious | Antivirus Detection | Reputation
atten-supporse.biz | 104.21.80.1 | true | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
104.21.80.1 | atten-supporse.biz | United States | 13335 | CLOUDFLARENETUS | false

                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1572021
                                  Start date and time:2024-12-10 01:32:05 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 2m 50s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:1
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:file.exe
                                  Detection:MAL
                                  Classification:mal100.troj.evad.winEXE@1/0@1/1
                                  EGA Information:
                                  • Successful, ratio: 100%
                                  HCA Information:Failed
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Stop behavior analysis, all processes terminated
                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.

Time | Type | Description
19:33:01 | API Interceptor | 2x Sleep call for process: file.exe modified

                                  No created / dropped files found
                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                  Entropy (8bit):7.947057148232809
                                  TrID:
                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                  • DOS Executable Generic (2002/1) 0.02%
                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                  File name:file.exe
                                  File size:1'832'448 bytes
                                  MD5:0f2fe11ad182a5dacccb11f8aec704d0
                                  SHA1:4a20e305c64c6817a1a4fb95157e1b4ffc4c8d4f
                                  SHA256:3c85a11120f1473f832bb6956f67b534a16205f9454abf2116237f0007cf9f89
                                  SHA512:52b9a7fd8989de409c6c0a1b31247a98b910299751f7f46af131a8140f783b40854f890fecfab3934cc9425641972cecb3e6bf104a80b1736c1a1499ae97c60e
                                  SSDEEP:49152:PCYhBF2w0PpghadfyhAUDKZOkYMdLtp1Rnc5j9w92T:6YhBF2wAg6fyhAJ/Y8tNnSzT
                                  TLSH:938533578F7E0F12FC01627C81DE17A17554790F70A3FA7BA9526E2BB02B51A2437B84
                                  File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L.....Ug.............................`H...........@...........................H...........@.................................\@..p..
                                  Icon Hash:90cececece8e8eb0
                                  Entrypoint:0x886000
                                  Entrypoint Section:.taggant
                                  Digitally signed:false
                                  Imagebase:0x400000
                                  Subsystem:windows gui
                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                  Time Stamp:0x6755B9EA [Sun Dec 8 15:23:22 2024 UTC]
                                  TLS Callbacks:
                                  CLR (.Net) Version:
                                  OS Version Major:6
                                  OS Version Minor:0
                                  File Version Major:6
                                  File Version Minor:0
                                  Subsystem Version Major:6
                                  Subsystem Version Minor:0
                                  Import Hash:2eabe9054cad5152567f0699947a2c5b

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5405c | 0x70 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x53000 | 0x2b0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x541f8 | 0x8 | .idata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
(unnamed) | 0x1000 | 0x52000 | 0x24200 | 33be99571761b2788ffb16b7125de7a6 | False | 0.9975264922145328 | data | 7.97558968085853 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x53000 | 0x2b0 | 0x400 | fe67bb2a9df3150b9c94de8bd81ed8a0 | False | 0.3603515625 | data | 5.186832724894366 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x54000 | 0x1000 | 0x200 | f89f2f28be6f3fc6a464feb82ace12f3 | False | 0.15625 | data | 1.1194718105633323 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
(unnamed) | 0x55000 | 0x298000 | 0x200 | 73fe17838074768f836e84a8b7f1f924 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
yvenramj | 0x2ed000 | 0x198000 | 0x197600 | 75f4eb2805e53d21b97b214a96fa8f4c | False | 0.9945109935946609 | data | 7.953649399394396 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vcuwzowy | 0x485000 | 0x1000 | 0x400 | 95a5680826ade9f4420407e91447d716 | False | 0.79296875 | data | 6.183749672899322 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x486000 | 0x3000 | 0x2200 | 7a7affbdf4023ee0d44796d3418f6b52 | False | 0.06169577205882353 | DOS executable (COM) | 0.6991449937238724 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_MANIFEST | 0x53058 | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535

DLL | Import
kernel32.dll | lstrcpy

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-10T01:32:59.315489+0100 | 2057921 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) | 1 | 192.168.2.4 | 49250 | 1.1.1.1 | 53 | UDP
2024-12-10T01:33:00.772458+0100 | 2057922 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) | 1 | 192.168.2.4 | 49730 | 104.21.80.1 | 443 | TCP
2024-12-10T01:33:00.772458+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 104.21.80.1 | 443 | TCP
2024-12-10T01:33:02.062965+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49730 | 104.21.80.1 | 443 | TCP
2024-12-10T01:33:02.062965+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49730 | 104.21.80.1 | 443 | TCP
2024-12-10T01:33:03.247751+0100 | 2057922 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) | 1 | 192.168.2.4 | 49731 | 104.21.80.1 | 443 | TCP
2024-12-10T01:33:03.247751+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 104.21.80.1 | 443 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 10, 2024 01:32:59.315489054 CET | 49250 | 53 | 192.168.2.4 | 1.1.1.1
Dec 10, 2024 01:32:59.540055037 CET | 53 | 49250 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 10, 2024 01:32:59.315489054 CET | 192.168.2.4 | 1.1.1.1 | 0xda63 | Standard query (0) | atten-supporse.biz | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 10, 2024 01:32:59.540055037 CET | 1.1.1.1 | 192.168.2.4 | 0xda63 | No error (0) | atten-supporse.biz | | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 01:32:59.540055037 CET | 1.1.1.1 | 192.168.2.4 | 0xda63 | No error (0) | atten-supporse.biz | | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 01:32:59.540055037 CET | 1.1.1.1 | 192.168.2.4 | 0xda63 | No error (0) | atten-supporse.biz | | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 01:32:59.540055037 CET | 1.1.1.1 | 192.168.2.4 | 0xda63 | No error (0) | atten-supporse.biz | | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 01:32:59.540055037 CET | 1.1.1.1 | 192.168.2.4 | 0xda63 | No error (0) | atten-supporse.biz | | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 01:32:59.540055037 CET | 1.1.1.1 | 192.168.2.4 | 0xda63 | No error (0) | atten-supporse.biz | | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Dec 10, 2024 01:32:59.540055037 CET | 1.1.1.1 | 192.168.2.4 | 0xda63 | No error (0) | atten-supporse.biz | | 104.21.48.1 | A (IP address) | IN (0x0001) | false

                                  • atten-supporse.biz
                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                  0 | 192.168.2.4 | 49730 | 104.21.80.1 | 443 | 2080 | C:\Users\user\Desktop\file.exe
                                  Timestamp | Bytes transferred | Direction | Data
                                  2024-12-10 00:33:01 UTC | 265 | OUT | POST /api HTTP/1.1
                                  Connection: Keep-Alive
                                  Content-Type: application/x-www-form-urlencoded
                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                  Content-Length: 8
                                  Host: atten-supporse.biz
                                  2024-12-10 00:33:01 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                  Data Ascii: act=life
                                  2024-12-10 00:33:02 UTC | 1020 | IN | HTTP/1.1 200 OK
                                  Date: Tue, 10 Dec 2024 00:33:01 GMT
                                  Content-Type: text/html; charset=UTF-8
                                  Transfer-Encoding: chunked
                                  Connection: close
                                  Set-Cookie: PHPSESSID=p01sjp162nllia9929mjvksj8j; expires=Fri, 04-Apr-2025 18:19:40 GMT; Max-Age=9999999; path=/
                                  Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                  Cache-Control: no-store, no-cache, must-revalidate
                                  Pragma: no-cache
                                  CF-Cache-Status: DYNAMIC
                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GxNPH0IAxCRYFHqmjwGPu3gv%2B9KO%2FS%2BNcbZbWjiw3%2Fw4Yt5KhtathHAN0pHEO9yy%2F3cG0dQXUEeXJaIXmg96qjBop7kmDKzHIcHQ8Hv5cAvSAndHsYL4lfpCbZZczELFaecqKNU%3D"}],"group":"cf-nel","max_age":604800}
                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                  Server: cloudflare
                                  CF-RAY: 8ef9241ead068c9c-EWR
                                  alt-svc: h3=":443"; ma=86400
                                  server-timing: cfL4;desc="?proto=TCP&rtt=2040&min_rtt=2040&rtt_var=765&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2845&recv_bytes=909&delivery_rate=1431372&cwnd=196&unsent_bytes=0&cid=1dfc45662a01d622&ts=1304&x=0"
                                  2024-12-10 00:33:02 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                  Data Ascii: 2ok
                                  2024-12-10 00:33:02 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                  Data Ascii: 0



                                  Target ID:0
                                  Start time:19:32:56
                                  Start date:09/12/2024
                                  Path:C:\Users\user\Desktop\file.exe
                                  Wow64 process (32bit):true
                                  Commandline:"C:\Users\user\Desktop\file.exe"
                                  Imagebase:0xb30000
                                  File size:1'832'448 bytes
                                  MD5 hash:0F2FE11AD182A5DACCCB11F8AEC704D0
                                  Has elevated privileges:true
                                  Has administrator privileges:true
                                  Programmed in:C, C++ or other language
                                  Reputation:low
                                  Has exited:true

                                    Execution Graph

                                    Execution Coverage:0.8%
                                    Dynamic/Decrypted Code Coverage:0%
                                    Signature Coverage:42.2%
                                    Total number of Nodes:64
                                    Total number of Limit Nodes:4

                                    Control-flow Graph

                                    APIs
                                    • SysAllocString.OLEAUT32(D080DE8F), ref: 00B671DB
                                    • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00B67219
                                    • SysFreeString.OLEAUT32(?), ref: 00B67504
                                    • SysFreeString.OLEAUT32(?), ref: 00B6750A
                                    • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00B67552
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID: String$Free$AllocBlanketInformationProxyVolume
                                    • String ID: !"$"#$%$.'()$.;$>C$C$p*v,${.] ${|
                                    • API String ID: 1773362589-264043890
                                    • Opcode ID: 6c87d476da4712406e0ad81d00c5ab948af72bd45da9c1a860c3682064270bae
                                    • Instruction ID: 2320ddfcec89b4894fe900362e648dece0adf9fd5f9613580baf174e7a42d72b
                                    • Opcode Fuzzy Hash: 6c87d476da4712406e0ad81d00c5ab948af72bd45da9c1a860c3682064270bae
                                    • Instruction Fuzzy Hash: C5021E71A4C3009FD310CF64C881B6BBBE5EBD5308F14896CF6959B2A1EB79D805CB92

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: #xDz$'D F$A|}~$N[\D$N[\D$kl$n
                                    • API String ID: 0-490458541
                                    • Opcode ID: 4cc0e077aaf46964e080a39bbd9e025c782308b294b0caeccc178b4fa19de613
                                    • Instruction ID: 2a2aeb61bd66b606d2d6978ce79d356fbe5b1f28035c0d5bf1ba055504f64de5
                                    • Opcode Fuzzy Hash: 4cc0e077aaf46964e080a39bbd9e025c782308b294b0caeccc178b4fa19de613
                                    • Instruction Fuzzy Hash: CCC1E3726083605BC724CF6488905ABBBD3EBD2304F7E89BCE9D55B342D675990AC783

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 48E53941D125CF3623D904AF30EFEBBC$F^$I@$N~ :$VgfW$atten-supporse.biz$z@(
                                    • API String ID: 0-2682260355
                                    • Opcode ID: 07edcafd8224e221a2cbc2b9b09f0f86ff382221d67f3df6ced20f0d0fd2dce2
                                    • Instruction ID: 7ff8a606714d6dcaf37f7e08fea3f6c27d1c20ee4d31931480fc0c468f9b6f0a
                                    • Opcode Fuzzy Hash: 07edcafd8224e221a2cbc2b9b09f0f86ff382221d67f3df6ced20f0d0fd2dce2
                                    • Instruction Fuzzy Hash: E891CEB05493C18BD335CF25D8A0BEBBBE0EB96714F2489ACD4DD5B242D738454ACB92

                                    Control-flow Graph

                                    APIs
                                    • ExitProcess.KERNEL32(00000000), ref: 00B3897C
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID: ExitProcess
                                    • String ID: YO9W
                                    • API String ID: 621844428-386669604
                                    • Opcode ID: 3bf7ac10b1f5b973bb0a82e3aba92da2dc4cacbf143179c8d924b5e36883aff4
                                    • Instruction ID: 054a7f082ca20dc28a3153c223e3294697df13551be245c3aaf17d092fe11607
                                    • Opcode Fuzzy Hash: 3bf7ac10b1f5b973bb0a82e3aba92da2dc4cacbf143179c8d924b5e36883aff4
                                    • Instruction Fuzzy Hash: 78312737F5061807C71C79B99C563AAB5C78BC4614F0F963D69D9AB386FDB88C0442D2

                                    Control-flow Graph

                                    APIs
                                    • LdrInitializeThunk.NTDLL(00B6D4FB,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 00B6B4AE
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                    • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                    • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                    • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82

                                    Control-flow Graph

                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: \U^_
                                    • API String ID: 0-352632802
                                    • Opcode ID: 48dcb6f94e3bab6ab055641fdb75ce749fb34bdb08435a90e194dcbb13021021
                                    • Instruction ID: 6a934b74b786c8b43646feb81ed963f9de1269f1bbc547bcf45311055e0ac935
                                    • Opcode Fuzzy Hash: 48dcb6f94e3bab6ab055641fdb75ce749fb34bdb08435a90e194dcbb13021021
                                    • Instruction Fuzzy Hash: 8B11E23160C3808FD3249F3498959ABBBE5EBD7744F555A2CE0C96B241C735980A8F9A

                                    Control-flow Graph

                                    APIs
                                    • CoInitializeEx.COMBASE(00000000,00000002), ref: 00B3CE03
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID: Initialize
                                    • String ID:
                                    • API String ID: 2538663250-0

                                    Control-flow Graph

                                    control_flow_graph 231 b3ce23-b3ce52 CoInitializeSecurity
                                    APIs
                                    • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00B3CE36
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID: InitializeSecurity
                                    • String ID:
                                    • API String ID: 640775948-0

                                    Control-flow Graph

                                    control_flow_graph 232 b69b60-b69b6c 233 b69b75-b69b87 call b6ca60 RtlFreeHeap 232->233 234 b69b73-b69b74 232->234
                                    APIs
                                    • RtlFreeHeap.NTDLL(?,00000000,00000000,00B42F5C), ref: 00B69B80
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID: FreeHeap
                                    • String ID:
                                    • API String ID: 3298025750-0

                                    Control-flow Graph

                                    control_flow_graph 238 b69b40-b69b57 call b6ca60 RtlAllocateHeap
                                    APIs
                                    • RtlAllocateHeap.NTDLL(?,00000000,?,?,00B44E57,00000400), ref: 00B69B50
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID: AllocateHeap
                                    • String ID:
                                    • API String ID: 1279760036-0
                                    APIs
                                    • VirtualAlloc.KERNELBASE(00000000), ref: 00B89F5E
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID: AllocVirtual
                                    • String ID:
                                    • API String ID: 4275171209-0
                                    APIs
                                    • VirtualAlloc.KERNELBASE(00000000), ref: 00B89E96
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID: AllocVirtual
                                    • String ID:
                                    • API String ID: 4275171209-0
                                    APIs
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID: Uninitialize
                                    • String ID:
                                    • API String ID: 3861434553-0
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: "# `$,$I~$`~$atten-supporse.biz$qx$s
                                    • API String ID: 0-3378010734
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: =z9|$JK$Vj)l$}~$CE$GI
                                    • API String ID: 0-2837980318
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: #$0$AGsW$P$k
                                    • API String ID: 0-1629916805
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: ){+}$4cde$CJ$F'k)$GS
                                    • API String ID: 0-4192230409
                                    • Opcode ID: f6488b2271ae696d8825b57ef0787081aed1d47b83e5d4876a63de36d0fdc6f6
                                    • Instruction ID: 3c5c7d31327a61fc6cfb555f324e6efc32fb3fde60442083e7a82aca53ded25f
                                    • Opcode Fuzzy Hash: f6488b2271ae696d8825b57ef0787081aed1d47b83e5d4876a63de36d0fdc6f6
                                    • Instruction Fuzzy Hash: 27B11BB84053058FE354DF628588FAA7BB0FB25310F1A82E8E0992F732D7748405CF96
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: '|$-.$12$i>}0
                                    • API String ID: 0-2215797287
                                    • Opcode ID: b55156fc6fd23723bc2d1280527aaafe532e52fc7f04441ba853b9e365c2db51
                                    • Instruction ID: 6e5d8a24d99317b9dc2b855dbbf639e4284a3553bbd707f67b10a93519158071
                                    • Opcode Fuzzy Hash: b55156fc6fd23723bc2d1280527aaafe532e52fc7f04441ba853b9e365c2db51
                                    • Instruction Fuzzy Hash: FDD1FE7220C3118FD718CF28D89179FB7E2EFC1314F05896DE8999B281EB74950ACB92
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: PWj$)RS?$z?&X
                                    • API String ID: 0-3522362842
                                    • Opcode ID: cce488d79c097fd8f9c63aad8d19b8dea0023fbd4d9809c258a55d130f7b12d1
                                    • Instruction ID: 15db6ba0a7e45f6ace11d7d2ea5977d56e89c377dc2785557c21296ff38260e4
                                    • Opcode Fuzzy Hash: cce488d79c097fd8f9c63aad8d19b8dea0023fbd4d9809c258a55d130f7b12d1
                                    • Instruction Fuzzy Hash: E5B206F360C2049FE304AE29EC8567AFBE9EF94720F1A493DEAC4C7744E63558058697
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID: 4zVc$8zVc$YNMZ$cba`
                                    • API String ID: 2994545307-1799417857
                                    • Opcode ID: aea11b36ed436caf871174c7dbc5a409d8fa591dbd41fba206be7ee2844cb60b
                                    • Instruction ID: 4ec1f3c36d40263ba8ddba393092a784cd06af209b89508bedd5ce75e4dd2d66
                                    • Opcode Fuzzy Hash: aea11b36ed436caf871174c7dbc5a409d8fa591dbd41fba206be7ee2844cb60b
                                    • Instruction Fuzzy Hash: 9B9145B2E043104BD724DE29DC81B2B73E2EBD5315F5985FCEC858B351EA749C088796
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: .Q?}$\M/?$aN/j
                                    • API String ID: 0-2389065552
                                    • Opcode ID: 1249f2269325137e5069bfd9fe739944b510da9ebbc23f00c79bb5ec4873fcb9
                                    • Instruction ID: b928ec966647b087fa25e54d9479b3aa1070f0ac73fb09a5c4ac8f47f1252134
                                    • Opcode Fuzzy Hash: 1249f2269325137e5069bfd9fe739944b510da9ebbc23f00c79bb5ec4873fcb9
                                    • Instruction Fuzzy Hash: D882E2F3A082009FD3046E29EC8576AFBE9EF94720F1A493DEAC4D3744EA3558058797
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: 7J>~$HnT$qo
                                    • API String ID: 0-396561267
                                    • Opcode ID: 5fb32db3d606bd761ee86164f7fcf2781ff8567552a132fceb3e208edf3085e0
                                    • Instruction ID: daaaabc0414983710f0ec5e8ea4915c54fedf95fa5c5183300e85e1847f9c04a
                                    • Opcode Fuzzy Hash: 5fb32db3d606bd761ee86164f7fcf2781ff8567552a132fceb3e208edf3085e0
                                    • Instruction Fuzzy Hash: BD02C1F3F116244BF3445969CC883A67697DBD4320F2F82389E9C9BBC5E97E9D064284
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: B? !$Z7]9$t3]5
                                    • API String ID: 0-3999537062
                                    • Opcode ID: 19017c821ce43de35730f434cf2cfbc1da97de591cbbb35ceafd7b36843f3453
                                    • Instruction ID: 82dead8ca073fb2ae99d287c7429036779f6e49a3770a82e5150d84d522b910b
                                    • Opcode Fuzzy Hash: 19017c821ce43de35730f434cf2cfbc1da97de591cbbb35ceafd7b36843f3453
                                    • Instruction Fuzzy Hash: 018110716007128BC321CF29C481663F3F2FFA6750B2AC69DC4860F766E335A982D794
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID: cba`$f
                                    • API String ID: 2994545307-1109690103
                                    • Opcode ID: 923aec29e082e5c85af6415f003038bd3deb71e3d674bf07ecff8d82f64f6170
                                    • Instruction ID: b74cfa61b162c4880c6951a4cbed27f0f93c9fb78c43526b1ebac8873b7b8fa5
                                    • Opcode Fuzzy Hash: 923aec29e082e5c85af6415f003038bd3deb71e3d674bf07ecff8d82f64f6170
                                    • Instruction Fuzzy Hash: F92216716093419FDB14CF28C890B2ABBE2EBD5304F2985ACE496A7391DB74D905CF53
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: VLk{$\z}
                                    • API String ID: 0-1873487209
                                    • Opcode ID: b03718a98ad8c6bdbd92d855b0d83ceb346dc3fc0684892356dbeba888dc9d5b
                                    • Instruction ID: 195876c5b5c07926f16a0cb1056fcc06115b4f86336bfce2ed448c6f5637bf6e
                                    • Opcode Fuzzy Hash: b03718a98ad8c6bdbd92d855b0d83ceb346dc3fc0684892356dbeba888dc9d5b
                                    • Instruction Fuzzy Hash: D9F1D0F3F112204BF3445969DC993A6B696DBD4320F2F8239DA88A77C4E97E9C094285
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: TU$c!"
                                    • API String ID: 0-3813282519
                                    • Opcode ID: e2d77f92253759f8058692b02b452f2ba875aa6e275964dd8773c4a4cbac78c0
                                    • Instruction ID: c94837a5472c05e378e213f3e510928d6c4b826c41a2ff3dbe6aa9430c6438f4
                                    • Opcode Fuzzy Hash: e2d77f92253759f8058692b02b452f2ba875aa6e275964dd8773c4a4cbac78c0
                                    • Instruction Fuzzy Hash: 66C126B26053004BD7149B28DC9277BB3E2EFE6315F1885ACE996C7381F638D9098752
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: )$IEND
                                    • API String ID: 0-707183367
                                    • Opcode ID: ad09a8ea06d59ebbe583ce85a1b7d38a49d7365c8e76300e683cb70e0317ccc6
                                    • Instruction ID: 9edf377954f88a66834f239b7a2f371366959eb4d13f6cb4425a63824727f921
                                    • Opcode Fuzzy Hash: ad09a8ea06d59ebbe583ce85a1b7d38a49d7365c8e76300e683cb70e0317ccc6
                                    • Instruction Fuzzy Hash: C2D1BEB1908344AFD720CF18D88175FBBE4EB94304F2449ADF9999B382D775E908CB92
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: AP~$e
                                    • API String ID: 0-795121768
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: &$(-$(,"-
                                    • API String ID: 0-2940422652
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: pr$|~
                                    • API String ID: 0-4145297803
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: pr$|~
                                    • API String ID: 0-4145297803
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: BLJB$X
                                    • API String ID: 0-2222927247
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: T?j$UE?t
                                    • API String ID: 0-4179024493
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: ^&f
                                    • API String ID: 0-2086923867
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: Q
                                    • API String ID: 0-3463352047
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: a@<<
                                    • API String ID: 0-2396571586
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: f
                                    • API String ID: 0-1993550816
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: !
                                    • API String ID: 0-2657877971
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: 0
                                    • API String ID: 0-4108050209
                                    • Opcode ID: f8f43a0e5f05fafea3e35402f99cf7c22ab5ec176c75e8e54188d0f3d9d3eda6
                                    • Instruction ID: f6ad8f18bd70f980cf84daeb12752d9ab94a1865716ab799b6f5fcbcb29f3c96
                                    • Opcode Fuzzy Hash: f8f43a0e5f05fafea3e35402f99cf7c22ab5ec176c75e8e54188d0f3d9d3eda6
                                    • Instruction Fuzzy Hash: 9A91193362DA9047C72C6D7D4CA627A7AD34BD6230B2E83AEB5B6CB3E1D91D88055350
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: F
                                    • API String ID: 0-1304234792
                                    • Opcode ID: 1da303e6416296502bdff1813e633dd66a49d8dec309c88bb85348168a5dbde4
                                    • Instruction ID: a800d562fe7d1873591feb6a222d9ba082d12c664ae92893707759bebaa32104
                                    • Opcode Fuzzy Hash: 1da303e6416296502bdff1813e633dd66a49d8dec309c88bb85348168a5dbde4
                                    • Instruction Fuzzy Hash: 849149F3F515254BF3504969DC483A2B6929B95314F2F82788F4C6BBC9D8BE9D0A42C4
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: $
                                    • API String ID: 0-3993045852
                                    • Opcode ID: 548fbafa3c6f64f9675761b73f6abf5caffdec2546261d36a2a4edbc19bef9d7
                                    • Instruction ID: 4f6181f74b13cf8add12545d550b80935bc4252d4f4428c5e8ace4929609d293
                                    • Opcode Fuzzy Hash: 548fbafa3c6f64f9675761b73f6abf5caffdec2546261d36a2a4edbc19bef9d7
                                    • Instruction Fuzzy Hash: 4E919DB3F112258BF3444D69CC683A27693DB95324F2F41788E0CAB7C5D97E6D0AA784
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID: cba`
                                    • API String ID: 2994545307-1926275841
                                    • Opcode ID: bdfaa44e32ca3aae9ca7cf7172fc6ff82ec7c65a75c9a562f7854940dac699c2
                                    • Instruction ID: 7d3f88148e303947f45273af7931af3019e974351926f1cf4b6c9b1c378af3f6
                                    • Opcode Fuzzy Hash: bdfaa44e32ca3aae9ca7cf7172fc6ff82ec7c65a75c9a562f7854940dac699c2
                                    • Instruction Fuzzy Hash: 6E714571A493009FDB189E2CD8E1B3AB7E2EB85310F1845ACD59BA77A1DA359840CF53
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: (
                                    • API String ID: 0-3887548279
                                    • Opcode ID: 7a95726d4f59bec65131e8d8398ecb3893ff6d5acb60db7e26a3811380e41b53
                                    • Instruction ID: 5e666295f9b196633928eff54947806ef49289a2434d47a76d485a8217ffc2e0
                                    • Opcode Fuzzy Hash: 7a95726d4f59bec65131e8d8398ecb3893ff6d5acb60db7e26a3811380e41b53
                                    • Instruction Fuzzy Hash: 14916BB7F111214BF3944D29CC583A262839BD1324F2F82788E4C6B7C5DD7E5D4A9388
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: &
                                    • API String ID: 0-1010288
                                    • Opcode ID: 68e66426483c263c9ba0451c148bff0809363ee0bb736abaf37f76971f243bc9
                                    • Instruction ID: b94fe1cf95e9451252ce5b3b119b3f32e2bd5b3dcd9191a982357632d105a793
                                    • Opcode Fuzzy Hash: 68e66426483c263c9ba0451c148bff0809363ee0bb736abaf37f76971f243bc9
                                    • Instruction Fuzzy Hash: 3981A9B3F111254BF3544D29DC583A2B6839BD5314F2F82788E8CAB7C9D8BE5D4A8384
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ,"I
                                    • API String ID: 0-3938224528
                                    • Opcode ID: 37e21cd175b4d0e3c80ba295a22f5cd183d9fb0dbcea84b0acc898613fa4680d
                                    • Instruction ID: f5946fc594c863f43c2870adaefc06922882f9e93c849ab350b5128e8f3baa64
                                    • Opcode Fuzzy Hash: 37e21cd175b4d0e3c80ba295a22f5cd183d9fb0dbcea84b0acc898613fa4680d
                                    • Instruction Fuzzy Hash: 0181D6B3F1122547F3504D29DC983A27283DBD5715F2F81788A489B7C9ED7EAD069384
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: "
                                    • API String ID: 0-123907689
                                    • Opcode ID: 1bde58d3ad00dbcf7b211c85afe0c87ae7ec8536041c5ee7d742fbdcfbaf8b1e
                                    • Instruction ID: c71d0c2eab43a0e2b76b7de026e5ca7936eb3c963382f1d4f33831b2fcbf9ca0
                                    • Opcode Fuzzy Hash: 1bde58d3ad00dbcf7b211c85afe0c87ae7ec8536041c5ee7d742fbdcfbaf8b1e
                                    • Instruction Fuzzy Hash: DF7116327097154BD724996D8C8031AB6C3ABC6335F2983E8ECB5BB3E5D6718C098786
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: %
                                    • API String ID: 0-2567322570
                                    • Opcode ID: e3ea413316090d6378a219eeb2d84b78f647ae7dae34ea45c5818814d3e42a5f
                                    • Instruction ID: bc7be3d2140020656dab9ea1ba938624e8557d07849d48bab65867291680846b
                                    • Opcode Fuzzy Hash: e3ea413316090d6378a219eeb2d84b78f647ae7dae34ea45c5818814d3e42a5f
                                    • Instruction Fuzzy Hash: CF817CB3F112254BF3844D39DD583A26683EBD5324F2F42388F586B7C5D9BE9D0A5288
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: z
                                    • API String ID: 0-1657960367
                                    • Opcode ID: 53364c78db42954819d65af20eea6875de3e7d02903ee04d0cef8247de782f81
                                    • Instruction ID: a820a91447705ecafe964d2136edba343b259b2d5c85f1ac92c80bfb4e1f1111
                                    • Opcode Fuzzy Hash: 53364c78db42954819d65af20eea6875de3e7d02903ee04d0cef8247de782f81
                                    • Instruction Fuzzy Hash: 6A818AB3F111258BF3404D28DC583A27293DB95324F2F81788E4CAB7C5E97EAD5A9384
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: *
                                    • API String ID: 0-163128923
                                    • Opcode ID: 29d34e037031edd0a6d803a4750c493514110731518177dd7284b10de808d16e
                                    • Instruction ID: 377c7aa6f453295187cf84ec3b0e88271650a3437b431bcf3cb11d791fe25b28
                                    • Opcode Fuzzy Hash: 29d34e037031edd0a6d803a4750c493514110731518177dd7284b10de808d16e
                                    • Instruction Fuzzy Hash: E38189B3F111254BF3944D28CC583A27683EBD5311F2F82788A48AB7C9EC7EAD094284
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID: ?-bw
                                    • API String ID: 0-540217314
                                    • Opcode ID: 8892124b9dcd4322e747af47ce27420ce53bcb1907ecb43788361012c13fe766
                                    • Instruction ID: 1ce074bb08829d84e91252886e730e15dc240d12a1140141e96a7432f5329178
                                    • Opcode Fuzzy Hash: 8892124b9dcd4322e747af47ce27420ce53bcb1907ecb43788361012c13fe766
                                    • Instruction Fuzzy Hash: 1D813AB7F112210BF3944979DD883926583DBD4324F2F82788E58ABBC9DD7E9D0A5384
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: e
                                    • API String ID: 0-4024072794
                                    • Opcode ID: fe27ea5f4e152114053e3e167bd263ca196aa0ac001fd53814001158b4f138b9
                                    • Instruction ID: cd31b11938bcb17d8aa497bd8804ca1ea0d0e090276b755a141a0b1f0a4cdcf3
                                    • Opcode Fuzzy Hash: fe27ea5f4e152114053e3e167bd263ca196aa0ac001fd53814001158b4f138b9
                                    • Instruction Fuzzy Hash: B18155B3F1112547F3604D29CC983A26683ABD5320F2F42798E9CAB7C1E87E6D469384
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: 78Fc
                                    • API String ID: 0-341341005
                                    • Opcode ID: a688da48380dd73a7df76b1e3e351ac759cc13ee1eefef57a55770c77e9b4eae
                                    • Instruction ID: 88bdbada31612c717df0e721d357ab37a99c2c84b4aacc0b8941f95e9eaaa497
                                    • Opcode Fuzzy Hash: a688da48380dd73a7df76b1e3e351ac759cc13ee1eefef57a55770c77e9b4eae
                                    • Instruction Fuzzy Hash: AB719EB3F111254BF3944D68DC983A17293DB95310F2F82788E886B7C5E97E6D499388
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmp
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID: cba`
                                    • API String ID: 2994545307-1926275841
                                    • Opcode ID: 669f49e236eef6008ae8839d2b4a18b288b1496cfe35cbc287ece894b53a2aed
                                    • Instruction ID: 7d17efc94efd3ca1aeefe29417934e1af950fb0c0d28df225c729e156d4081ac
                                    • Opcode Fuzzy Hash: 669f49e236eef6008ae8839d2b4a18b288b1496cfe35cbc287ece894b53a2aed
                                    • Instruction Fuzzy Hash: 3A51D6306082809BE7688B28DC92B7B77E6EB91314F3499BDD45FA72D2DB30DC858710
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: ;I=Q
                                    • API String ID: 0-262225711
                                    • Opcode ID: cd6d192f46b9cd2babe1743b814bab35f26743b70cee4d7e1b58f133e015a158
                                    • Instruction ID: f4068dc6ab0ffd735efe11d5d9312e2c3a0b32384eb606700589164726d6a6f9
                                    • Opcode Fuzzy Hash: cd6d192f46b9cd2babe1743b814bab35f26743b70cee4d7e1b58f133e015a158
                                    • Instruction Fuzzy Hash: 76619CF3F102254BF3444D28DDA83A26643DB95320F2F42388E596B3C6E9BE5D0A5384
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID: CUUI
                                    • API String ID: 0-173970609
                                    • Opcode ID: 6dfdad85a877ebbbd6e0f46a08c0c83a79e0665ad8272189b833ae16010fd439
                                    • Instruction ID: 22f21a4b3b6481778d42aa6cd07654976ad9e85c4199ae67264001465a2a8a97
                                    • Opcode Fuzzy Hash: 6dfdad85a877ebbbd6e0f46a08c0c83a79e0665ad8272189b833ae16010fd439
                                    • Instruction Fuzzy Hash: BE41C5A110C3D08ADB358F2595907ABFBE1DFD3305F5884EDC6C967243C775880A8B56
                                    Strings
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID: cba`
                                    • API String ID: 2994545307-1926275841
                                    • Opcode ID: e3ca8073286850a1d950433558e26516822fd7029527852d06cb1df86438577e
                                    • Instruction ID: c88eb39b6456b7d82abd1ae525315df69824d5944eb15667084798190d85b78a
                                    • Opcode Fuzzy Hash: e3ca8073286850a1d950433558e26516822fd7029527852d06cb1df86438577e
                                    • Instruction Fuzzy Hash: 94116A36A54B104BC320CE28CDC162677E5EB85311F5517BCDCAAD33A2F264EC0487E5
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5a3e275465761bd67e935482f0fec437d43d6c92399063d6fd60e9ce8fe36b3d
                                    • Instruction ID: 05ba31ee3c22068b78fcf70a3e77984f09278598d5f3ddaf75765e5cfa7a40b8
                                    • Opcode Fuzzy Hash: 5a3e275465761bd67e935482f0fec437d43d6c92399063d6fd60e9ce8fe36b3d
                                    • Instruction Fuzzy Hash: 4552E2B0908B84AFE735CB24C4843A7BBE1EB55314F24C8AED5E707B82C779A885C755
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
                                    • Instruction ID: 9c0c85a31e04d6e9b690f0a3503e459c89602ea93a6693ca302cbf96463b98dd
                                    • Opcode Fuzzy Hash: b4f2b084faef48d893cec2519f241ff843f37aefc35a02b9a69ce986de1685e5
                                    • Instruction Fuzzy Hash: D922D472A4C7158BC735DF18D8906ABB3E1FFC4315F298A6DD9C697281DB34A811CB82
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c5548983dcefb43faf872bf1978903338daf1788304b4b1af2f860bad3be4ffd
                                    • Instruction ID: 8d1bab5440047cc37dc2bfe053204995d8d329783b9e07f1f5a2d84ad2182509
                                    • Opcode Fuzzy Hash: c5548983dcefb43faf872bf1978903338daf1788304b4b1af2f860bad3be4ffd
                                    • Instruction Fuzzy Hash: E0129BF3F056204BF3445929DC98366B693EBD4320F2F853D9A88A77C5E97E5C068385
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cfebbac0c5e8ac3d17b441bc2f684186322313fba913fb7c68f6508fa659c09f
                                    • Instruction ID: afe10ff2b6360eed5cc42224d09e830af049db4f0ef497f7af21d8b7e9ceda65
                                    • Opcode Fuzzy Hash: cfebbac0c5e8ac3d17b441bc2f684186322313fba913fb7c68f6508fa659c09f
                                    • Instruction Fuzzy Hash: C602B0F3F156204BF3485D39DD983A6BA92EBD4320F2B823C9B89A77C4D87E5C054285
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dc871434672ae575d4a7924f754a4ab94006883e07473b0ef4520a6ba8479ef9
                                    • Instruction ID: 49269ee4f8c9a43978813b1166267798e6829134c8a6314786161828cfd6cb06
                                    • Opcode Fuzzy Hash: dc871434672ae575d4a7924f754a4ab94006883e07473b0ef4520a6ba8479ef9
                                    • Instruction Fuzzy Hash: 56C19AF3F512254BF3544979CD9836266839BE5310F2F82788F0CABBC5D8BE5D0A5284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0fbfe66b1495e140ab53566cf1b49e902f4e8cd06c05c20b030f0210068ae80d
                                    • Instruction ID: f2256605e64218622eaadfa77b9ccf3b5df16b59b5ca71a7d03d7ef8e34fd18d
                                    • Opcode Fuzzy Hash: 0fbfe66b1495e140ab53566cf1b49e902f4e8cd06c05c20b030f0210068ae80d
                                    • Instruction Fuzzy Hash: A0C168B3F115254BF3584939CD683A225839BD5324F2F82388F5DABBC9DCBE5D0A5284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d182054689d0181e2e206838ccbbaae16a5c33f6162320a2f77877fdcf58dd87
                                    • Instruction ID: aadf11d4720f51680148ed730bd460d0059a1caae98d4175b3cfbbc018c288cc
                                    • Opcode Fuzzy Hash: d182054689d0181e2e206838ccbbaae16a5c33f6162320a2f77877fdcf58dd87
                                    • Instruction Fuzzy Hash: B5C189B3F112254BF3444D29CD683A26683DBD5314F2F82788E49AB7C9ECBE5D4A5384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bf82fbf8de1d7ef3769d0e64e48982252aed02fb167b832ec80382e9697f0f46
                                    • Instruction ID: e9b2fd175f362535fb60b5ee509e6eb8500ab1f4872a45598348adeaf14d4858
                                    • Opcode Fuzzy Hash: bf82fbf8de1d7ef3769d0e64e48982252aed02fb167b832ec80382e9697f0f46
                                    • Instruction Fuzzy Hash: 68C18CF3F616254BF3444878CD983A2698397D5320F2F82788F6CAB7C6D87E5D095284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 48fa931d4120f0117a2b07a450ba8b147341d7fa7ad65a5d7cbf377538df6f0a
                                    • Instruction ID: 41867265f763e63bc74a677f9feecf38c7ce9b4c8584e469e01e8543c3ff09ed
                                    • Opcode Fuzzy Hash: 48fa931d4120f0117a2b07a450ba8b147341d7fa7ad65a5d7cbf377538df6f0a
                                    • Instruction Fuzzy Hash: B8C18BB3F101304BF3544D69DC983A2A692DB95720F2F42788F5CAB7C5D8BE9C0A52C4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4308d2d969e62aece24d7f68bceafdaa5da1e11130f604d367ddf5aca44d1c14
                                    • Instruction ID: 523c49cb37ee0fc5ba1503abd73f4c814c9ec27a07966a140d10f6bf583ee691
                                    • Opcode Fuzzy Hash: 4308d2d969e62aece24d7f68bceafdaa5da1e11130f604d367ddf5aca44d1c14
                                    • Instruction Fuzzy Hash: DFC168E7F512254BF3444939DD983A2258397D1314F2F82388F5D6BBC9D8BE5E0A5288
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    • Opcode ID: d11978af92e5e015435235a066deba1e31321bad2f42408fe65f1c430c5b7ed7
                                    • Instruction ID: dc2a0b777406c7dbdebb4d5459d9451c63e381a4cc960ad2f557e5c870b351e0
                                    • Opcode Fuzzy Hash: d11978af92e5e015435235a066deba1e31321bad2f42408fe65f1c430c5b7ed7
                                    • Instruction Fuzzy Hash: 2DB107397083558FC714DE25C890A6EB7E2EFD5314F19C6BCE89A47362EA38D841C791
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 26fc8e46e4b9a8a74eae1496ef8b8c5b54f389a393d4f8ebe61cc27bd1124ad5
                                    • Instruction ID: 55efd9d200f9c49c918b3f46ddd9295fc2fc31bf5922f100ca3a6fad0d60eea0
                                    • Opcode Fuzzy Hash: 26fc8e46e4b9a8a74eae1496ef8b8c5b54f389a393d4f8ebe61cc27bd1124ad5
                                    • Instruction Fuzzy Hash: 40C16CF3F512254BF3544869DD983A22683DBD4324F2F82788F585BBC5EDBE5C0A5284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0e0081371503a9d1ae1262d8d39e1d31d524c4e12376c2cf83efb78b8f7243d2
                                    • Instruction ID: 88d4cfc2feacff3fbcd314c209435c82fb5e6c93417d17306640789c500af80a
                                    • Opcode Fuzzy Hash: 0e0081371503a9d1ae1262d8d39e1d31d524c4e12376c2cf83efb78b8f7243d2
                                    • Instruction Fuzzy Hash: 0FC1ACB3F1162547F3584D29DC583A2668397E4324F2F82798E9CAB7C6D87E9D0643C4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4844be5029407fe95f16f68adba219d22480439f23e6b2b4ffcc8554bb3e9d25
                                    • Instruction ID: 717bc50fe8b34c95d68788a1f921352e0deb68eff1b397ee423d231be9e623f6
                                    • Opcode Fuzzy Hash: 4844be5029407fe95f16f68adba219d22480439f23e6b2b4ffcc8554bb3e9d25
                                    • Instruction Fuzzy Hash: 6CC1B9B3F105254BF3544D38CD883A27693ABD1324F2F82388E5CABBC9D97E5D0A5284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 75214f721a2747f824296c351144c561ad683fc0a10a5ec05e52f0de6fbe00ae
                                    • Instruction ID: 199f931cfaaf5ebc80c6d1f7f6e26bcbabfa1cd419eec0244bb4bb9eed30bb79
                                    • Opcode Fuzzy Hash: 75214f721a2747f824296c351144c561ad683fc0a10a5ec05e52f0de6fbe00ae
                                    • Instruction Fuzzy Hash: E2B199B3F5152547F3584839DC683A26583EBD1320F2F823D8E59ABBC9DC7E8D0A5284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 20e56b1a7b3f889a1b708a44a8a6175702be1e766d3a8f5ec84e003afd2df3a9
                                    • Instruction ID: 7483746b507e06bc4f0814548cecc63e751389e9c737feae28a9dc4cdf5fc530
                                    • Opcode Fuzzy Hash: 20e56b1a7b3f889a1b708a44a8a6175702be1e766d3a8f5ec84e003afd2df3a9
                                    • Instruction Fuzzy Hash: 28C19DB3F102254BF3404D39DD983A27683DB95324F2F82788E58AB7C9E9BE9D455384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: e99ed42501093aef920f0303674f09576b94bbb7a34a6eade21e68c545e34673
                                    • Instruction ID: b80013bff3fb13cceec49469efc613319f3a86e5c420c78680971603de93d5e6
                                    • Opcode Fuzzy Hash: e99ed42501093aef920f0303674f09576b94bbb7a34a6eade21e68c545e34673
                                    • Instruction Fuzzy Hash: C6A188F3F5152147F7484978CD983A266439BE5324F2F82388F0D6BBC9E87E5D0A5288
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a74d33990be1f5c2eceadf8980878d546acf90a7bd649f72a8219d96db2df70c
                                    • Instruction ID: b58f48be4fa8b5a1a824becf44a4f3fa643b73dd2688ff2212be6689a83c2681
                                    • Opcode Fuzzy Hash: a74d33990be1f5c2eceadf8980878d546acf90a7bd649f72a8219d96db2df70c
                                    • Instruction Fuzzy Hash: ECA18CB3F516254BF3844969DC983A2628397E5320F2F81788F4C6B3C5E8BF5D4A5388
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f355fc5343a5f3a16ae27bd9a7f7872622892b28281ad44feeb546423387cf03
                                    • Instruction ID: 3b9833c9c912aefa7ca238e0bace2131fdbbdddc6e7c46db8787ed19deadccf3
                                    • Opcode Fuzzy Hash: f355fc5343a5f3a16ae27bd9a7f7872622892b28281ad44feeb546423387cf03
                                    • Instruction Fuzzy Hash: 16A19BB3F116254BF3104D29CC983A27293ABE4724F2F42788E4C6B7C5E97E5D469284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b2e6d47ce53fe7349d3838bd35cfd33ecc670862725fa0e6b2955921aaff9ecb
                                    • Instruction ID: 5b575ddf54d741bd75d6070502b2594fcf9853b8346b0e8b61e6e48adc0ee3f2
                                    • Opcode Fuzzy Hash: b2e6d47ce53fe7349d3838bd35cfd33ecc670862725fa0e6b2955921aaff9ecb
                                    • Instruction Fuzzy Hash: E8A18CB3F111254BF3540D69CC543A27683EBD5320F2F82798A1CAB7C5D9BE9D4A9384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: dd4a7ca5e2c12e8a7480e7d466e293148c474a3c69f7c2f7c6a25071004a0c96
                                    • Instruction ID: 4642d24c74c4d6d271c62e5a893c4100d176f15ef9e591d7ca56a7cada6ae2bc
                                    • Opcode Fuzzy Hash: dd4a7ca5e2c12e8a7480e7d466e293148c474a3c69f7c2f7c6a25071004a0c96
                                    • Instruction Fuzzy Hash: 03A1CEB3F105244BF3444D29CD583A26683DBA5321F2F82788E5DAB7C5E8BE9D4A5384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 46968aced1e7597783d919f5aa561f48a17f756a0b1a244e1973af9a235bbd95
                                    • Instruction ID: 1919b3ffccbe939c3f48c00943e3d70f9724d836ee6dc4977cc9eb40a9c17f06
                                    • Opcode Fuzzy Hash: 46968aced1e7597783d919f5aa561f48a17f756a0b1a244e1973af9a235bbd95
                                    • Instruction Fuzzy Hash: 05A17AB3F516214BF3544D78DD983A22583DB95320F2F82788FA89BBC5DCBE5D0A5284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 09295fda7d7baa456c66bd899bd6f879daa24f70f6be872d0d97dd9110301080
                                    • Instruction ID: 5e1960370c460377ba88848f5b01b3b530a68c622c483fbe50abdfbec0c3795f
                                    • Opcode Fuzzy Hash: 09295fda7d7baa456c66bd899bd6f879daa24f70f6be872d0d97dd9110301080
                                    • Instruction Fuzzy Hash: F4A159F3F112254BF3444879CDA83A2668397D5314F2F82398E4DABBC5E87E9D0A5284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6c631921bda733d172c915cee3a65bc67a4e864fb9db47ee50cd8f92747e713b
                                    • Instruction ID: 5cc979d5182912db77c97d2e35af6858afa2726acd3c20076d0ef8942955a38f
                                    • Opcode Fuzzy Hash: 6c631921bda733d172c915cee3a65bc67a4e864fb9db47ee50cd8f92747e713b
                                    • Instruction Fuzzy Hash: 18A17BB3F2152547F3844D28DC993A26683DBD4320F2F82798E4DAB7C5D87E9D4A5384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 05263a74cda4b6aa1fc5884f6013451a891a0f562e1ead32447cc158a9a6203e
                                    • Instruction ID: be78704dd228e09c7b4510d814aa74e3b071ff3e6f91ad443d06dbf82f6f86a7
                                    • Opcode Fuzzy Hash: 05263a74cda4b6aa1fc5884f6013451a891a0f562e1ead32447cc158a9a6203e
                                    • Instruction Fuzzy Hash: 62A1ACB3F521254BF3444929CC583A266839BD1320F3F82788A9C6B7C5ECBE9D4A5384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 991aa571e2e535e6d80a35f5bb88c42533de414fdc2bff23087421eb2f91ebe3
                                    • Instruction ID: 58253d49157f8dc059da4fa07052d5c4715084541c294198cef184848356c5c8
                                    • Opcode Fuzzy Hash: 991aa571e2e535e6d80a35f5bb88c42533de414fdc2bff23087421eb2f91ebe3
                                    • Instruction Fuzzy Hash: 47A18CB3F1022547F3584938CDA83A26683DB95324F2F82788F59AB7C5E9BF9D055384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bcc54ace80edb53bf4c975e3f8c85beef5a10e5ad027abb515943b651c0c334e
                                    • Instruction ID: 038d67f62cec7ee901f662f2685111520ad80d5ef128d07ac0d4dad333d634d9
                                    • Opcode Fuzzy Hash: bcc54ace80edb53bf4c975e3f8c85beef5a10e5ad027abb515943b651c0c334e
                                    • Instruction Fuzzy Hash: F191AEB3F111258BF3540D29DC983A27293DBD5324F3F41798A486B3C5E97E9D0A9788
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 56bf49dfa87b8cae8af99ef44e7c25910d26503e2ebecf12a5e34ba824557f3f
                                    • Instruction ID: 726dca269480487dcfc1dbc307a9d9639d60a2f76b92f505c6438e3b93b35393
                                    • Opcode Fuzzy Hash: 56bf49dfa87b8cae8af99ef44e7c25910d26503e2ebecf12a5e34ba824557f3f
                                    • Instruction Fuzzy Hash: FE916EF3F111244BF3584838CD693666683DB95324F2F82388E4DABBC4E87E9D0A4384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 129e7cc192eda92f4ee4ab49449ce6571901e8534b6b2d0b8b59fde8eef7e6cf
                                    • Instruction ID: bb877566e3ea6d7aa670982d45e25468519e97208325771de6dc0a7888865aad
                                    • Opcode Fuzzy Hash: 129e7cc192eda92f4ee4ab49449ce6571901e8534b6b2d0b8b59fde8eef7e6cf
                                    • Instruction Fuzzy Hash: E5919CB3E512354BF3804968DC583A26693AB95321F2F82788E1C6B7C5D97E6D0A93C4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 4142b8183de8945cbc22e8b428d207d388df0e7b78959a804d9711f7ce959fa1
                                    • Instruction ID: 31c8be0a0ca2823b5d9608adde9dd3a4b5f202793f5d15a63515806cd169d97a
                                    • Opcode Fuzzy Hash: 4142b8183de8945cbc22e8b428d207d388df0e7b78959a804d9711f7ce959fa1
                                    • Instruction Fuzzy Hash: 90918EB7F006214BF3544D69CC943927293EBA4324F2F82788F886B7C5E9BE5D095384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c9968309766aa52547ab4d673ed1d8ac910dd29f457dcfa858395228944e7641
                                    • Instruction ID: 731f48585aea4621cb6d1543f2aed3814977f44ea091607cc02920e1cddd1a1c
                                    • Opcode Fuzzy Hash: c9968309766aa52547ab4d673ed1d8ac910dd29f457dcfa858395228944e7641
                                    • Instruction Fuzzy Hash: F5918BF7F1162507F3444868CD983A265839BA5724F2F82788F5CAB7C9D8BE5D4A43C4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 629a28214569078846a94ae61163c5d647df9a083640b1617d627ba9a1dd7e5f
                                    • Instruction ID: 7fbe965dc4ae0ea111b8e29e500a18845e6a450d3f56308a6e041e0640cfcab6
                                    • Opcode Fuzzy Hash: 629a28214569078846a94ae61163c5d647df9a083640b1617d627ba9a1dd7e5f
                                    • Instruction Fuzzy Hash: 2F919DF3F506254BF3584D28CCA83A22293DBA5314F2F827C8F496B7C5D87E1D4A5288
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c154a01a36a21013b48bacc00c4244769334565bb37ba7e9b9ed8c65502ef854
                                    • Instruction ID: 94b731d3573dff2429b9e3a47bad7eb3dc53dc03fda71fd74f809e6ad129ec24
                                    • Opcode Fuzzy Hash: c154a01a36a21013b48bacc00c4244769334565bb37ba7e9b9ed8c65502ef854
                                    • Instruction Fuzzy Hash: E191B1F3F6162547F3884978CDA93622583DBA5304F2F823C8F49AB7C5E87E9C095284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 8d8dda33c8d0efbff12227a6d7b1b8c3fb6d161687e3d9f95705ca374ea836a9
                                    • Instruction ID: c0ead8e8af4a13268c97c8abdad3de6f66a9ec4f16178b63e326e0829e9a9d86
                                    • Opcode Fuzzy Hash: 8d8dda33c8d0efbff12227a6d7b1b8c3fb6d161687e3d9f95705ca374ea836a9
                                    • Instruction Fuzzy Hash: 4F91ABF3F116254BF3444929DDA83A26643DBE1320F2F82788E596B7C5EC7E5D095384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2883484f71076b2fbb3f3e104b8f241edd38cfabb1542652bae2a571e7bf6866
                                    • Instruction ID: f8c0eacc470772ef03bde8a755b15c58aa3437cd57bedb83325f3f8350272443
                                    • Opcode Fuzzy Hash: 2883484f71076b2fbb3f3e104b8f241edd38cfabb1542652bae2a571e7bf6866
                                    • Instruction Fuzzy Hash: 6D916AB3F112214BF3544D29DD983627693DBD5314F2F82788E0CAB7C5D9BEAD0A5288
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f51c6db630a55a9e7ed75af4c5189a8dd5f5ee2c5347c1e12a4fd795b96b7d5f
                                    • Instruction ID: bf542a94ce6c908ec2d8241cf4c2f884ad02d9c23257ea4f0690559cd777ba23
                                    • Opcode Fuzzy Hash: f51c6db630a55a9e7ed75af4c5189a8dd5f5ee2c5347c1e12a4fd795b96b7d5f
                                    • Instruction Fuzzy Hash: 0E9158F3F111254BF3544929CC583A26683DBE5320F2F82788E5CAB7C5E97E5D4A5384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 044780dfacd5181e60f76a3f4aa669c0c28d868e545a2852d7abc91442155684
                                    • Instruction ID: 86518b3a381f0f6817dd0f60776805deb75635ee29f847214ab9d156980c8325
                                    • Opcode Fuzzy Hash: 044780dfacd5181e60f76a3f4aa669c0c28d868e545a2852d7abc91442155684
                                    • Instruction Fuzzy Hash: D2916AF3F112214BF3548969DD983A26283DBD5321F2F82788E4C6BBC4D97E5D4A5388
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2e7905c98f85468956610c34638bdfdfefe44a29869b87235f812a4192156d42
                                    • Instruction ID: b21a8677351091beb76a145cdbadf4f1b5c26489975b8db19a33b9ca7b80392c
                                    • Opcode Fuzzy Hash: 2e7905c98f85468956610c34638bdfdfefe44a29869b87235f812a4192156d42
                                    • Instruction Fuzzy Hash: 3691C0B3F111258BF3544E28DC983A27253EBD5310F2F81798A485B7C5DA7F6D1A9384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 30d6c6d65d8d518cadf126a9a5d65dc93304937ad0c52543db14cea88d285bea
                                    • Instruction ID: aacac2ada8d789711378594050190fdb961894cfda78345a9d63f1f56f2f9b12
                                    • Opcode Fuzzy Hash: 30d6c6d65d8d518cadf126a9a5d65dc93304937ad0c52543db14cea88d285bea
                                    • Instruction Fuzzy Hash: 499192B3F116254BF3544969DC943A2B683DBE5320F2F42388E5C9B7C5E9BE9C0A5384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 699e315913b1736e8aab3a2328bd9f52bf594dd01cfd45f29cb3780376772b09
                                    • Instruction ID: 7bea649ae79f18bfae49f1d7603ff6d61b4d67fdae5a2be5452c9c7de05a8ac1
                                    • Opcode Fuzzy Hash: 699e315913b1736e8aab3a2328bd9f52bf594dd01cfd45f29cb3780376772b09
                                    • Instruction Fuzzy Hash: F2918DB3F512254BF3544878CD983A26A83DBD5324F2F82788E5C6B7C5D8BE5D0A5388
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2e97ad14ed8c7d5f8b6c6d3c952571936019a4ffe347c91f9dbf1945bb9e381c
                                    • Instruction ID: 4e6f5c860556240887789f570f69bd95db46cf2f621e32d9fa1196cd3557862e
                                    • Opcode Fuzzy Hash: 2e97ad14ed8c7d5f8b6c6d3c952571936019a4ffe347c91f9dbf1945bb9e381c
                                    • Instruction Fuzzy Hash: 889190B7F502214BF3584D69DC983A26283DBD5324F2F827C8F58AB7D1D9BE5D0A4284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c4205b52789532b17d4c9b52c06625af17d8501a4c308aceb3b8df8eb1d3acca
                                    • Instruction ID: 7ace702802af6762f00962d0c56fe5916695e6e36d34b8b3b9ea229d3368154c
                                    • Opcode Fuzzy Hash: c4205b52789532b17d4c9b52c06625af17d8501a4c308aceb3b8df8eb1d3acca
                                    • Instruction Fuzzy Hash: F3919FB7F1022447F3444D78CD983A2A293DB95314F1F82788F5CAB7CAD8BE9C0A4284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7c082f39d5ae709ec548790f1a77f4b595225f5094f79054c31dc846ee3fde2b
                                    • Instruction ID: b18d079ae9e3fb9bd52fda6abdb045e71cefc19ab5bf8602413abffe7764ee7d
                                    • Opcode Fuzzy Hash: 7c082f39d5ae709ec548790f1a77f4b595225f5094f79054c31dc846ee3fde2b
                                    • Instruction Fuzzy Hash: C0919AB3F515244BF3548D2ACC583627293DBD5320F2F82798E886B7C5E97E9D069384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 703157722f607911ea488c7403386e5f4f4de3b5be5c2d3c00003ec8152ccfb5
                                    • Instruction ID: 2b7e8e9f1f35f0d7d1a2ac737063a08bf3b58fcaaa859d56c12ff1e696007a5a
                                    • Opcode Fuzzy Hash: 703157722f607911ea488c7403386e5f4f4de3b5be5c2d3c00003ec8152ccfb5
                                    • Instruction Fuzzy Hash: 3F918DB3F102254BF3544D79CD983A27683DB95324F2F82788E996BBC9D8BE5D094384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 082fef95199f1359f77e6e51a2b587bf01eddb6c74076ca23be2e4ae745d8062
                                    • Instruction ID: f6cfe2971b7cdcfa197654f1ef86e0175d6d43500ea8e301dca8c658af78ddd3
                                    • Opcode Fuzzy Hash: 082fef95199f1359f77e6e51a2b587bf01eddb6c74076ca23be2e4ae745d8062
                                    • Instruction Fuzzy Hash: CF91ABB3F112254BF3484969CD683A27643DB95310F2F42388F59AB7C1E8BE9D4A5388
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 52134e104a6ce11bc60da0446e7d14076fc58436898e088ddbf9c95db3a96696
                                    • Instruction ID: 03467448b71a6b0ae0a7d21efca02e825f792c04351b0f84e93fb59b31ae821f
                                    • Opcode Fuzzy Hash: 52134e104a6ce11bc60da0446e7d14076fc58436898e088ddbf9c95db3a96696
                                    • Instruction Fuzzy Hash: EB9199F7F1162147F3540A69DC983A262939BA5310F2F41388E4C2B7C5E9BE5D1A93C4
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b05549dfa83f00cd4989661258dccb92cb132167d835b77a9b989a633dafbcda
                                    • Instruction ID: f5a40f5f07f35ed33f3aced442429c4452b557570fdb2538d572d4bd281472e3
                                    • Opcode Fuzzy Hash: b05549dfa83f00cd4989661258dccb92cb132167d835b77a9b989a633dafbcda
                                    • Instruction Fuzzy Hash: 43819BB3F506254BF3544D69DC883A26643DBD4324F2F82788E4CAB7C5D9BE5D0A5388
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 945424aad1c2b9ac1aa9b42f93a0e0c2d95398f3e585d5389ed01a9b400063c9
                                    • Instruction ID: 467941e6b9859ac4ab99e849e13db654df0f19448b9bc23de454dfb314f60355
                                    • Opcode Fuzzy Hash: 945424aad1c2b9ac1aa9b42f93a0e0c2d95398f3e585d5389ed01a9b400063c9
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d2c0ff844fbb40aa7f4c02262045bc7033fde2327a672b04e22337baf4b0ded7
                                    • Instruction ID: 7c47300bc7d990a32144897da3f897518c1c6c4b8ef392d0d3884447a35fa7e6
                                    • Opcode Fuzzy Hash: d2c0ff844fbb40aa7f4c02262045bc7033fde2327a672b04e22337baf4b0ded7
                                    • Instruction Fuzzy Hash: B2719FB3F516254BF3544D68DC943A272939B95324F2F82788F5CAB3C0E9BE9D095384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: da992ff73fe6a49a895899269b740ef91c3b4331bf40adb0fc462130a216bafa
                                    • Instruction ID: ce5d9803fb52fe551f2770664c737220c1ec937105080f24b26476af2c3c03d0
                                    • Opcode Fuzzy Hash: da992ff73fe6a49a895899269b740ef91c3b4331bf40adb0fc462130a216bafa
                                    • Instruction Fuzzy Hash: CC81CDB3F116214BF3444D28DC983A26683DB95315F2F427C8E4DAB7C5D9BE9D099384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Similarity
                                    • API ID: InitializeThunk
                                    • String ID:
                                    • API String ID: 2994545307-0
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 56d9c78d638e4595fb320a12a63563ec1e5e0991cc87c99aafee4816333f30c4
                                    • Instruction ID: 365c9a6a2c3718e7a699b38f40a905bf646bca7f562b4c6ee27ac4ad726acfc8
                                    • Opcode Fuzzy Hash: 56d9c78d638e4595fb320a12a63563ec1e5e0991cc87c99aafee4816333f30c4
                                    • Instruction Fuzzy Hash: BB714BB3F101254BF3544D29CD583A27693DB95310F2F827C8E4CAB7C5D87E6D0A9288
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ca15898fa0a5872084d003bb6036a1a16e6a1f58ec8209f4a80b79f6dd4b1594
                                    • Instruction ID: 26a2619c4ce329657237e431d308e1ec97c0ea712dc888b6905412efde4cbc53
                                    • Opcode Fuzzy Hash: ca15898fa0a5872084d003bb6036a1a16e6a1f58ec8209f4a80b79f6dd4b1594
                                    • Instruction Fuzzy Hash: AA718BF3E5163547F3540D68DC983A2A682E7A5320F2F42388E1CAB7C5ED7E6D0952C8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 11c7b57b6c9db00accfaca28fd62c28490e34e1ef2a1017f5f8a29f1d88d40e9
                                    • Instruction ID: 88adc43f40328e915cd789618886a0d4d9d9f0a6f27c6864cb61e56d6e92f835
                                    • Opcode Fuzzy Hash: 11c7b57b6c9db00accfaca28fd62c28490e34e1ef2a1017f5f8a29f1d88d40e9
                                    • Instruction Fuzzy Hash: 66718AB3F511254BF3584D79CC683A266839BD5320F2F82788E5C6B7C4D8BE5D4A5388
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 9fb804a418b5f26d9605a1e1ab35d6016bf6e3e780b1c334cfc1a29f85c7444a
                                    • Instruction ID: 59032eb3c38a5651abcde25ad29381a690ba5c0209166fdcd5ef051f7db8719b
                                    • Opcode Fuzzy Hash: 9fb804a418b5f26d9605a1e1ab35d6016bf6e3e780b1c334cfc1a29f85c7444a
                                    • Instruction Fuzzy Hash: 5C719DB3F111258BF3444E69CC583627293DBD5320F2F42798E596B3C4D9BEAD0AA784
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 525fe43fc5468c35cbd9453640885c5e348b95e73bd370439d9ad7b705634767
                                    • Instruction ID: 9365aeb334162702802ac3d5ab9d5b07166d1c9e9fc97c9ee67374034564dc8e
                                    • Opcode Fuzzy Hash: 525fe43fc5468c35cbd9453640885c5e348b95e73bd370439d9ad7b705634767
                                    • Instruction Fuzzy Hash: 08717CB3F101254BF3584E69CC583627282DB95320F2F42798F59AB3C1D9BFAD069384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3eb5b2a21337fdb2595a0a226d3a7ce416bd5f4e9456777b942f107fa13cfcd5
                                    • Instruction ID: 5a158d5e3061a0e4931f7458cb39f1e28defb3b42c52db24d7845aaca4456c73
                                    • Opcode Fuzzy Hash: 3eb5b2a21337fdb2595a0a226d3a7ce416bd5f4e9456777b942f107fa13cfcd5
                                    • Instruction Fuzzy Hash: C6718CB3F001258BF3548E29DC543627293EBD5714F2F827D8A889B7D4E97E6C4A9384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c78930f03f47ccd84319d5919e98fc3d6bdfce5c240545567386fc7b615e06fe
                                    • Instruction ID: 5df135ded3e439e57381517a2ff40196507edccdf396add46fa548129ea67495
                                    • Opcode Fuzzy Hash: c78930f03f47ccd84319d5919e98fc3d6bdfce5c240545567386fc7b615e06fe
                                    • Instruction Fuzzy Hash: A0716CB3F102254BF3404D79CD983A266939BD5320F2F82788E5C6B7C9D9BE9D4A5384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b066402321c959898bd68f1646c5d4266bf9a3215491a6795bfa216780c207bf
                                    • Instruction ID: b7f302ab703c2f2741b8c49fc834df12d7b33daeb22efc416a5a3ffdaadc4b04
                                    • Opcode Fuzzy Hash: b066402321c959898bd68f1646c5d4266bf9a3215491a6795bfa216780c207bf
                                    • Instruction Fuzzy Hash: A5619EB3F1212547F3400D68DC983A276839BD5325F3F42788E986B3C6E97E5D0A9384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3de94e9300dca1068ecad303d2619287d0c21351b7ee3edbc3a01a14160fa507
                                    • Instruction ID: ea5c3c7a9f56e7d9bfe73811c164584143725d35ac109f2821889e12dd013c31
                                    • Opcode Fuzzy Hash: 3de94e9300dca1068ecad303d2619287d0c21351b7ee3edbc3a01a14160fa507
                                    • Instruction Fuzzy Hash: EF6124F3A1C3009FF3085E69EC8573ABBE5EB84320F254A3DEAD4D3384E97958448656
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 24cb9a9d9e0addd8556c54848a171ee90ff5912964a5b4571a62347abab7b527
                                    • Instruction ID: f7a20ccca851ab05df123b545b6651d4b3e19e5bef8d743d161219212f9aeae4
                                    • Opcode Fuzzy Hash: 24cb9a9d9e0addd8556c54848a171ee90ff5912964a5b4571a62347abab7b527
                                    • Instruction Fuzzy Hash: B77188B3F112208BF7444E69DCA83A67643EB99324F2F41788B496B3C5D9BF5D099384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: cfaad9286fdffa1e0a6e182e09b8554608239b22f579fd7b0b650499d7667bac
                                    • Instruction ID: 2f835570e41be47fab711bb92b0d50d06b90b2e5aa20fe885b535dbbcdf5fa95
                                    • Opcode Fuzzy Hash: cfaad9286fdffa1e0a6e182e09b8554608239b22f579fd7b0b650499d7667bac
                                    • Instruction Fuzzy Hash: 1661AAB3F111254BF3544D28CC583A27693DBD5310F2F82788E486BBC8E97E6D0A9288
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0223047bd1a23fa190ae7b2c13463751c46cbfcdf72a8e140f780e1646e70d66
                                    • Instruction ID: 932249b1470c580da37eb263ca2a0ef9e6136856b817af851a0fefd541a3fd14
                                    • Opcode Fuzzy Hash: 0223047bd1a23fa190ae7b2c13463751c46cbfcdf72a8e140f780e1646e70d66
                                    • Instruction Fuzzy Hash: 92618CB3E111244BF3944E29CC983A27293DB95320F2F82798E585B7C5E97F6D499384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 7ce04c90dc31c7632ab94fa4c51642f77cddc6fba331beeaa41e76fe072dc3c8
                                    • Instruction ID: fca2b26d1247116270b003124cf20268e8e9b990f0eda444c8024107872b1da9
                                    • Opcode Fuzzy Hash: 7ce04c90dc31c7632ab94fa4c51642f77cddc6fba331beeaa41e76fe072dc3c8
                                    • Instruction Fuzzy Hash: D76179F3F116254BF3444D28CC583A27693EB95320F2F82788E5D6B7C5D97EAD095288
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 223d126d23f78ab94678b1eef822c19a832d2594e70b5fd42f1eedb26ee3174a
                                    • Instruction ID: a98efa7b20b8db27c4d19d45e0be5255d8961455c71af3f71fdd960ba7eac856
                                    • Opcode Fuzzy Hash: 223d126d23f78ab94678b1eef822c19a832d2594e70b5fd42f1eedb26ee3174a
                                    • Instruction Fuzzy Hash: 72616FB3F116204BF3544928CC983A27693DB95324F2F42788E9CAB7C5D9BF9D495384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 42fe0b77266be9673f31f92eeb3d10cc4411d0d1c86fb2fb39e6d1c0cb06a0b3
                                    • Instruction ID: b1bbffdd6f54c551ec6d3a3575a6deec523f175da11620013a10852a1269a9a8
                                    • Opcode Fuzzy Hash: 42fe0b77266be9673f31f92eeb3d10cc4411d0d1c86fb2fb39e6d1c0cb06a0b3
                                    • Instruction Fuzzy Hash: 84616DB3F112254BF3944D28CD583A27692DBA0310F2F817C8E896B7C5E9BF6D0A5784
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 858f0adc87f99d6a49e2709f55b31f5b8151eeeeee4da4344203d7c1629d57e6
                                    • Instruction ID: 06cf9d09840452f7a152469f6c44b9bd34fdef2b295443bd666d125b4f7870ae
                                    • Opcode Fuzzy Hash: 858f0adc87f99d6a49e2709f55b31f5b8151eeeeee4da4344203d7c1629d57e6
                                    • Instruction Fuzzy Hash: E5615AB7F516254BF3904D64DC883A276839B95320F2F42B88E5CAB3C1E9BE5D4953C8
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: c84b766167a0c01da26efe848c24da8056089acd49589a8c674d8862ee023fe3
                                    • Instruction ID: 6233542c550dac81560b5ad9eac7d496e00fc1b73d5c29244f64af0036d734c1
                                    • Opcode Fuzzy Hash: c84b766167a0c01da26efe848c24da8056089acd49589a8c674d8862ee023fe3
                                    • Instruction Fuzzy Hash: E3614DF3F2161647F3940D74CD583A26583D791314F2F82788B599B7C9D9BE9C0A5388
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6139057ad8db873f17dc82dd974a9bbd8c3e9a81948058c0deff31451b5f9d04
                                    • Instruction ID: e3c845b535156a4c28e3f44a3c5da0f8c86f647cef94553679802cda58ab20c9
                                    • Opcode Fuzzy Hash: 6139057ad8db873f17dc82dd974a9bbd8c3e9a81948058c0deff31451b5f9d04
                                    • Instruction Fuzzy Hash: 48618CB3F011258BF3508E29CC943A27383EBC5324F2F82788A585B7C5D97E6D569384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ee3221d44487f1b55dcfb0cb7b306b7a5088c2c108d24d47baceea343636d859
                                    • Instruction ID: c328b16edab8b11c380d912350cd07e695049e3a860cbcbaeb844d3b98d12aec
                                    • Opcode Fuzzy Hash: ee3221d44487f1b55dcfb0cb7b306b7a5088c2c108d24d47baceea343636d859
                                    • Instruction Fuzzy Hash: B0515BB15087548FE714DF29D49435BBBE1FBC8318F044A2DE5E987390E779DA088B82
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 5b4de768503867aacee674b79c7161d1a5347423e3b5313ee90e8d5cb35a5f1e
                                    • Instruction ID: 3051e5c921bbc3829a86996e20a012918ea791205bbb6109963099ff9cc515b9
                                    • Opcode Fuzzy Hash: 5b4de768503867aacee674b79c7161d1a5347423e3b5313ee90e8d5cb35a5f1e
                                    • Instruction Fuzzy Hash: 0651A0B3F111258BF3544D29CC583617693DBD1320F2F82788A985BBC4D97E6D1A9384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: bd2d53b0e5a5c5bbfc8d138af3857be1997c4dfe73ae5b875b9a57c4c8391c12
                                    • Instruction ID: 977b9e31d758dd1bdfda90ab0ae55cb43ea06d143de086939ad27b1fbb200435
                                    • Opcode Fuzzy Hash: bd2d53b0e5a5c5bbfc8d138af3857be1997c4dfe73ae5b875b9a57c4c8391c12
                                    • Instruction Fuzzy Hash: D651DEB3F502254BF3544D29CC983A17283DBD5720F2F42788E5C6B7C1E97E6D069284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • Opcode ID: 445e2630dc7035ebe950caa11e2c5429390a308c31d283682d593f5247632527
                                    • Instruction ID: c6a8f75e8aabaf93d1c5d0e297ec67c9d48bbc604aa31f2991d16552aff6ef1e
                                    • Opcode Fuzzy Hash: 445e2630dc7035ebe950caa11e2c5429390a308c31d283682d593f5247632527
                                    • Instruction Fuzzy Hash: B1517EB3F102248BF3544E69DC883A17292EB95710F2F417D8E486B3C4D97F6D19A784
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: a6dbc59d99b6a9b691a2c3a6a58679293d2ca07245964df8ef8a0c6f507a65f5
                                    • Instruction ID: d720010250a8d1b142ccb1c01651fae4fc4164f0f61bc734d7374009ac1657dc
                                    • Opcode Fuzzy Hash: a6dbc59d99b6a9b691a2c3a6a58679293d2ca07245964df8ef8a0c6f507a65f5
                                    • Instruction Fuzzy Hash: 8C519BB3F006244BF3444D68DC983627293DBA5320F2F42798E1DAB3C5D97E6D4A9384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6115b43fc91d25103481658688ec28e4a7b20c8bd7a59da34976f631d98c5f1f
                                    • Instruction ID: 5489a21c989326f19b8ea2dfe9b6539544d2f9fd41be08059f07ea290fe4e8a0
                                    • Opcode Fuzzy Hash: 6115b43fc91d25103481658688ec28e4a7b20c8bd7a59da34976f631d98c5f1f
                                    • Instruction Fuzzy Hash: 3951CBB025C3148AC724DF64E49132FB7F0EFA2355F0049ACD9D64B761EB798908DB9A
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: f6730aa4b12f91a9c869311675e5becbc7159a3ed7e2bf7fd8ae6fbf5993557a
                                    • Instruction ID: 43b9075bc62361124b6e80524f6884c409115e6bfc9b1fcae81165d7c8dde6ac
                                    • Opcode Fuzzy Hash: f6730aa4b12f91a9c869311675e5becbc7159a3ed7e2bf7fd8ae6fbf5993557a
                                    • Instruction Fuzzy Hash: 2051B4B7F611254BF3504D29CD483667283EB94310F2F86388E8CAB7C4D97E9D4A9384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 6b6c1c82c2d072d7281c5d5ecf0faff6351e6e26ad1188bd07db42d6375b07a0
                                    • Instruction ID: a009ab206870024d80edee99d0f48682b2b93d589b5a57aaf0d7f94e0ef8a423
                                    • Opcode Fuzzy Hash: 6b6c1c82c2d072d7281c5d5ecf0faff6351e6e26ad1188bd07db42d6375b07a0
                                    • Instruction Fuzzy Hash: FC515AB7F116244BF7444978CDA83616643A7D5320F2F82388E6D2B7C5DDBE1D0A4284
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 86e5303e43b61e5f803a69f48feab8b2764bd7f8c6c1bfe41de548089a6d02e3
                                    • Instruction ID: 1823025517cff428b2e822b5e496d20895281b52b3226661458f7095c1ed4797
                                    • Opcode Fuzzy Hash: 86e5303e43b61e5f803a69f48feab8b2764bd7f8c6c1bfe41de548089a6d02e3
                                    • Instruction Fuzzy Hash: 825142F7E201209BF7144939CD497A67A92DBE4324F1F86789F88A73C4E43E8C0942C2
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 0f7d032c60f345441cc0143aaa55eb64532d3581817d81101298ebb54f3d9759
                                    • Instruction ID: b05a7f0c53af35f1e74a11238316b727ee27130639dcb8886e2f5a3b491f471a
                                    • Opcode Fuzzy Hash: 0f7d032c60f345441cc0143aaa55eb64532d3581817d81101298ebb54f3d9759
                                    • Instruction Fuzzy Hash: B44138F3A182149BE354AE6CDC85777B7D9EB84310F2A463CDAC883784E93A580542C6
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b9aec0849f0ad3bf55a6b7a6ddf02615378e479ecf5e15301ae5efbcdf406149
                                    • Instruction ID: 01cea44cef4eebc556ce2e25fef0cf8c1612e87d58e225ececaf8bd20db118e5
                                    • Opcode Fuzzy Hash: b9aec0849f0ad3bf55a6b7a6ddf02615378e479ecf5e15301ae5efbcdf406149
                                    • Instruction Fuzzy Hash: F75149F3E116264BF3580D24CC583A27253DBA5320F2F42788E496B7C1E97F6D596688
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: fee19c3486b414607a75ee47583ea8e36e7902248b446d8da0747bcec68db693
                                    • Instruction ID: f4b3087d370d4974200160f2795cc9eeb705063033cd7a163a11e78e718747d4
                                    • Opcode Fuzzy Hash: fee19c3486b414607a75ee47583ea8e36e7902248b446d8da0747bcec68db693
                                    • Instruction Fuzzy Hash: F1519AB3F111244BF3484D29CCA83A26683ABD1314F3F417C8A9D9B7C1D9BE9D4A9384
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ba4599492ec36b2ab0270e24aa964b33d4b4a80ecde8181543d4bdb80e13767d
                                    • Instruction ID: 86caa0b43d5db91497f78e42f19cb0c108e8c66448852ec48e6e875f46d0fbee
                                    • Opcode Fuzzy Hash: ba4599492ec36b2ab0270e24aa964b33d4b4a80ecde8181543d4bdb80e13767d
                                    • Instruction Fuzzy Hash: DB4167B7F112254BF380496ACD483A2A643A7D5310F2F82788E4C6B7C5D9BE5D4A9388
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 026a9037d1700f2e2a8bb9e6d7729b0a8f90809324b666566bd0ac7cf3465d21
                                    • Instruction ID: 29795a2a6e2edf9bb02287d72893c79d4a83a3619ff306773f0a65bbba31f6aa
                                    • Opcode Fuzzy Hash: 026a9037d1700f2e2a8bb9e6d7729b0a8f90809324b666566bd0ac7cf3465d21
                                    • Instruction Fuzzy Hash: D1419FB3F102244BF7584D28DCA43A17292E795320F2F423D9E59AB7C5DDBE6C099288
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    Memory Dump Source
                                    • Source File: 00000000.00000002.1735983315.0000000000B31000.00000040.00000001.01000000.00000003.sdmp, Offset: 00B30000, based on PE: true
                                    • Associated: 00000000.00000002.1735968277.0000000000B30000.00000004.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1735983315.0000000000B72000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736024400.0000000000B83000.00000008.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000B85000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000DE0000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000E07000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000E0E000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736037082.0000000000E1D000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736253213.0000000000E1E000.00000080.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736348002.0000000000FB5000.00000040.00000001.01000000.00000003.sdmp
                                    • Associated: 00000000.00000002.1736361931.0000000000FB6000.00000080.00000001.01000000.00000003.sdmp
                                    Joe Sandbox IDA Plugin
                                    • Snapshot File: hcaresult_0_2_b30000_file.jbxd
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                    • Instruction ID: 9759ab090241cd040c10c088039d1393ddd43f239847ecfc6af67316846c72ae
                                    • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                    • Instruction Fuzzy Hash: 5D110833A055E40EC3168D3CC440565BFE34AA3234F5D83D9F4B89B2D6D7278D8A8354
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: d6f3737fdae1c0a01f48b6376bcbd426907f24c0dc4d500755e45f99c257de23
                                    • Instruction ID: bfe18f2cff769e0b883b5eb87299b6e37ffd98746f19660a53a9737ed5e2fc91
                                    • Opcode Fuzzy Hash: d6f3737fdae1c0a01f48b6376bcbd426907f24c0dc4d500755e45f99c257de23
                                    • Instruction Fuzzy Hash: 890171F571070147DB209E5495D172BB2E8AF84706F1D46ECED0467282DB76EC0D8693
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: 2b645666ce8ccc8bb78cf4a655492aebab5b21ed2130b3422685e7aadbd8438b
                                    • Instruction ID: b6952d8c1cedeef1c7dfcf75a66334452dd8b5d296b6ef921d9f2f780310db62
                                    • Opcode Fuzzy Hash: 2b645666ce8ccc8bb78cf4a655492aebab5b21ed2130b3422685e7aadbd8438b
                                    • Instruction Fuzzy Hash: 00F054259896C345C3298B3E8070731EBE18FB7351F2C55E8C8D657392DB2A980D9755
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: b00e5c6ee7c69437ba9d38c729a6a0385fcd3e32a4aa18abdf8686344ffdd22e
                                    • Instruction ID: c4b9ab0d8111c1203fb30a7cff08f25041bdc9e066ef8d5dcecb8e6dd0cf22f6
                                    • Opcode Fuzzy Hash: b00e5c6ee7c69437ba9d38c729a6a0385fcd3e32a4aa18abdf8686344ffdd22e
                                    • Instruction Fuzzy Hash: 1CD022B4D085005BC21CDF10EE22439B2A88F4739AF042428E40BEB303CE34E8A0850A
                                    Similarity
                                    • API ID:
                                    • String ID:
                                    • API String ID:
                                    • Opcode ID: ac0b931fc4576dd5466f0f77fdf1f403fbe41fb6c980a61dc3f06e121c796103
                                    • Instruction ID: c7fb30f17d0249b32b8684a2596ea7eb0091002a275a02b23051085ea43c9fc2
                                    • Opcode Fuzzy Hash: ac0b931fc4576dd5466f0f77fdf1f403fbe41fb6c980a61dc3f06e121c796103
                                    • Instruction Fuzzy Hash: A3D0122094A2994AC30A8F389CA1731B7B5EB03100F043548C142DB3D1CBD098968658